Issue
I have implemented this Java Spring sample project - SAML2 Example Project - along with an Angular frontend. They are deployed separately.
The default way to log out is by sending a POST to /logout; the Java backend will look at the cookie for the session, then respond with an HTTP 302 redirecting to the SAML Identity Provider.
Angular cannot handle HttpClient 302s, as described here - Angular how to handle 302. The solution suggested in this post is to change the response from the backend to return 403 instead of 302, because Angular can then intercept the response and redirect itself.
How can I change the Spring Security SAML2 logout response to return another HTTP code? Is there a better way to handle SAML logouts from the Angular application?
Solution
I kept the Java backend working as is. In my Angular app I ended up adding logic after the XHR request handles the 302, grabbing the URL after the XHR request redirects, then changing href. Example below. This currently pulls any URL; more conditions could be added to handle errors, etc.
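    logout() {
      // POST to the backend logout endpoint; the XHR follows the 302 on its own.
      return this.http.post(AuthService.LOGOUT_API, null, {observe: 'response', responseType: 'text'}).subscribe({
        next: response => {
          // response.url is the final URL after the redirect; navigate the browser there.
          this.location.href = response.url!;
        }
      });
    }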
Answered By - mmoussa
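The answer above assigns whatever URL the XHR ended on to location.href and notes that more conditions could be added. One such condition, as an added example that is not part of the original answer, is an origin allowlist check before navigating. The function name resolveLogoutRedirect and the example.com origins are assumptions made for illustration.

```typescript
// Added example, not from the original answer. The origins below are
// constructed placeholders; replace them with your own IdP and app origins.
const ALLOWED_LOGOUT_ORIGINS: ReadonlySet<string> = new Set([
  'https://idp.example.com', // hypothetical SAML Identity Provider
  'https://app.example.com', // hypothetical application origin
]);

/**
 * Returns the normalized URL when it is acceptable as a post-logout
 * navigation target, or null when the caller should not navigate to it.
 * finalUrl is the value of HttpResponse.url, which may be null.
 */
function resolveLogoutRedirect(
  finalUrl: string | null,
  allowed: ReadonlySet<string> = ALLOWED_LOGOUT_ORIGINS,
): string | null {
  if (!finalUrl) return null;

  let parsed: URL;
  try {
    // Absolute URLs only: a relative or malformed value throws here.
    parsed = new URL(finalUrl);
  } catch {
    return null;
  }

  // Rejects javascript:, data:, and plain http: targets.
  if (parsed.protocol !== 'https:') return null;
  // Userinfo has no place in a logout URL and can disguise the real host.
  if (parsed.username || parsed.password) return null;
  // Exact origin match (scheme + host + port); suffix tricks such as
  // idp.example.com.attacker.test do not match.
  if (!allowed.has(parsed.origin)) return null;

  return parsed.href;
}

// Usage inside the subscribe() callback from the answer (fallback is an assumption):
//   const target = resolveLogoutRedirect(response.url);
//   this.location.href = target ?? '/';
```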