Shibboleth SSO CORS error

Time: 2015-10-06 21:08:16

Tags: angularjs single-sign-on shibboleth

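Our application (AngularJS + REST) is protected by SSO with a Shibboleth service provider. The problem is that we see a CORS error when trying to make an Ajax call to the REST service, saying that the redirect to the IDP failed: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource"

However, if we refresh/reload the browser, everything works fine. I believe the cookie is not created the first time, and is created after the forced reload.

Obviously, refreshing the browser every time is not an acceptable solution.

What needs to be done to make this work without a reload?

Thanks in advance for any pointers.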

1 answer:

Answer 0: (score: 2)

I'm dealing with this issue myself. I don't believe there is any CORS support in the Shibboleth IDP, and the solution I'm going with is an active keep-alive ping from the client:

  • Periodically make an Ajax request to a location under Shibboleth auth session to keep the session from timing out (using e.g. setTimeout)
  • If this request fails, throw up a full page error that prompts the user to reload the page with something like this

As long as the browser tab is open and the client machine is awake, this will prevent XHR errors of this kind for at least session "lifetime":

lifetime(time in seconds) (default is 28800) Maximum duration in seconds that a session maintained by the SP will be valid. The actual time may be less than this value (if an IdP indicates it should be shorter) but will never be longer. Note that this will not influence sessions maintained by an application.

If the client machine goes to sleep and enough pings are missed, or if the SP's session storage is cleared, they'll get the full screen error pretty immediately and get to reload to either reauth or just reestablish their Shibboleth session.

I think that's the best we can do without CORS in the IDP!


Here's the Apache config that ended up working for me in case anyone else lands here:

hbase(main):067:0> scan 'dummytable', {FILTER => "ValueFilter(=,'binary:2016-01-26')"}

I poll /session-ping every five seconds with XHR and throw up my "your session expired" modal/dimmer when it gets a non-200 status code.
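The keep-alive ping described in the answer above, as an added example that is not part of the original answer. The `/session-ping` path and the five-second interval come from the answer; the names `createSessionPinger` and `xhrRequest` and the overlay markup are assumptions made for illustration.

```javascript
// Added example: poll a Shibboleth-protected URL and stop on the first non-200.
// createSessionPinger and xhrRequest are hypothetical names, not a library API.
function createSessionPinger({ request, onExpired, intervalMs = 5000,
                               schedule = (fn, ms) => setTimeout(fn, ms) }) {
  let stopped = false;
  function handle(status) {
    if (stopped) return;
    if (status !== 200) {       // session gone: stop polling, tell the user
      stopped = true;
      onExpired(status);
      return;
    }
    schedule(tick, intervalMs); // session still valid: queue the next ping
  }
  function tick() {
    if (!stopped) request(handle);
  }
  return { start: tick, stop() { stopped = true; } };
}

// XHR transport. When the SP session is gone, the SP redirects to the IdP;
// the browser blocks that cross-origin redirect and fires onerror (status 0).
function xhrRequest(url) {
  return function (done) {
    const xhr = new XMLHttpRequest();
    xhr.open('GET', url);
    xhr.onload = () => done(xhr.status);
    xhr.onerror = () => done(0);
    xhr.send();
  };
}

// Browser wiring: only runs where XHR and the DOM exist.
if (typeof XMLHttpRequest !== 'undefined' && typeof document !== 'undefined') {
  createSessionPinger({
    request: xhrRequest('/session-ping'),
    onExpired() {
      // Full-page overlay; textContent avoids injecting markup.
      const overlay = document.createElement('div');
      overlay.textContent = 'Your session expired. Reload the page to sign in again.';
      overlay.style.cssText =
        'position:fixed;top:0;left:0;right:0;bottom:0;background:#fff;z-index:9999;padding:2em';
      document.body.appendChild(overlay);
    },
  }).start();
}
```

The ping only keeps the session alive if the polled URL is itself covered by the Shibboleth session requirement on the server.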