dmikusa / static-site-oidc-example

A small example static site which is protected by mod_auth_openidc as configured by the PHP buildpack

Angular JS UI application integration with SiteMinder SSO #1

Open skairamk opened 5 years ago

skairamk commented 5 years ago

Apologies for creating this in issues. It's actually a few questions related to my project work.

I have an Angular JS UI application and I am trying to have SSO enabled with SiteMinder. The UI application is deployed on Pivotal Cloud Foundry.

I read the code and I see that spa.html is calling redirect_url using fetch('/redirect_url?info=json') and getting the access_token.

Question 1: What service URL (redirect_url) is this? How does it redirect to the OAuth2 provider login page?

Question 2: Do we need to invoke the UAA from the UI code always? The reason I ask is that I have implemented SiteMinder SSO with an AngularJS UI with Apache web server and Tomcat application servers. The SiteMinder agent was installed on Apache and it has taken care of redirecting the user to the login page. No code was written in the UI code. Can we accomplish similar behavior for an AngularJS app on PCF?

Can you please review my questions and provide your feedback? Thank you very much in advance.

dmikusa commented 5 years ago

> Question 1: What service URL (redirect_url) is this? How does it redirect to the OAuth2 provider login page?

That URL is provided by mod_oidc. You can change it if you want, in the configuration file: https://github.com/dmikusa-pivotal/static-site-oidc-example/blob/master/vars-uaa-sso.yml#L16

> Question 2: Do we need to invoke the UAA from the UI code always?

Sorry, I don't understand what you mean here. In this example, your code does nothing. All you need to do is configure mod_openidc and it will make sure users are logged in before accessing your static files.

> The SiteMinder agent was installed on Apache and it has taken care of redirecting the user to the login page. No code was written in the UI code. Can we accomplish similar behavior for an AngularJS app on PCF?

It sounds like this SiteMinder agent is working the same way as mod_openidc. Your UI/JavaScript code shouldn't need to do anything. The mod_openidc module should wrap your app and require a user to log in first. Unlike the SiteMinder agent, mod_openidc is using OpenID Connect, so it can work with any OpenID Connect provider (UAA & Google are the two example configs included in this repo, but others could be used too).
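The client side of the setup discussed in this thread, as an added example that is not part of the thread or of the repository's code: the SPA only reads the session info from the URL quoted above and never performs the login itself. The JSON field names `access_token` and `access_token_expires`, the 30-second margin and the function names are assumptions made for illustration.

```javascript
// Added example. INFO_URL is the path from the fetch() call quoted in the thread.
const INFO_URL = '/redirect_url?info=json';

// Decide what the SPA should do with a response from the info endpoint.
// Pure function, so the decision logic can be checked without a browser.
function interpretInfoResponse(status, contentType, bodyText, nowSeconds) {
  // No session, or an HTML login page reached through a redirect: the SPA
  // must not log in itself; a full-page navigation lets the module do it.
  if (status !== 200 || !/^application\/json\b/i.test(contentType || '')) {
    return { action: 'login' };
  }
  let info;
  try {
    info = JSON.parse(bodyText);
  } catch (e) {
    return { action: 'login' };
  }
  // Assumed field names: access_token, access_token_expires (epoch seconds).
  if (!info || typeof info.access_token !== 'string' || info.access_token === '') {
    return { action: 'login' };
  }
  const expires = Number(info.access_token_expires);
  // Treat a token within 30 s of expiry as expired to avoid racing the API.
  if (Number.isFinite(expires) && expires - nowSeconds < 30) {
    return { action: 'expired' };
  }
  return { action: 'use-token', token: info.access_token };
}

// Browser wrapper: session cookie sent same-origin only, response not cached,
// token kept in memory by the caller rather than in localStorage.
async function getAccessToken(fetchImpl = fetch, reload = () => location.reload()) {
  const res = await fetchImpl(INFO_URL, { credentials: 'same-origin', cache: 'no-store' });
  const result = interpretInfoResponse(
    res.status, res.headers.get('content-type'), await res.text(), Date.now() / 1000);
  if (result.action === 'login') {
    reload(); // hand control back to the Apache module, which redirects to the provider
    return null;
  }
  // 'expired' is returned without a reload: if the module's session is still
  // valid, reloading would not yield a new token and could loop.
  return result.action === 'use-token' ? result.token : null;
}
```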