Hi,
I am trying to secure an Angular application with a REST backend using SAML.
I have configured the applications, and after I successfully authenticate the user on the client application, the Angular application is rendered, but the calls to the REST fail and return the redirect HTML page. How can I pass the authenticated user credentials to the REST application?
In the environment I have the Angular client deployed as a war file testapp.war in WildFly along with a REST back end deployed as another war file testapp-rest.war.
I have configured clients in Keycloak, one for the REST war and one for the Angular war.
In WildFly I have added the configuration in the standalone.xml:
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
    <secure-deployment name="testapp.war">
        <SP entityID="testapp"
            sslPolicy="NONE"
            logoutPage="SPECIFY YOUR LOGOUT PAGE!">
            <IDP entityID="idp">
                <SingleSignOnService signRequest="false"
                                     validateResponseSignature="false"
                                     validateAssertionSignature="false"
                                     requestBinding="POST"
                                     bindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
                <SingleLogoutService signRequest="false"
                                     signResponse="false"
                                     validateRequestSignature="false"
                                     validateResponseSignature="false"
                                     requestBinding="POST"
                                     responseBinding="POST"
                                     postBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"
                                     redirectBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
            </IDP>
        </SP>
    </secure-deployment>
    <secure-deployment name="testapp-rest.war">
        <SP entityID="testapprest"
            sslPolicy="NONE"
            logoutPage="SPECIFY YOUR LOGOUT PAGE!">
            <IDP entityID="idp">
                <SingleSignOnService signRequest="false"
                                     validateResponseSignature="false"
                                     validateAssertionSignature="false"
                                     requestBinding="POST"
                                     bindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
                <SingleLogoutService signRequest="false"
                                     signResponse="false"
                                     validateRequestSignature="false"
                                     validateResponseSignature="false"
                                     requestBinding="POST"
                                     responseBinding="POST"
                                     postBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"
                                     redirectBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
            </IDP>
        </SP>
    </secure-deployment>
</subsystem>
Do I need to add code to the client? Is there any sample that you can point me to?
Thanks,
Ion
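
An added example, not part of the original post: a small Python check that reads a keycloak-saml subsystem block like the one above and lists, per deployment, every setting that turns off signing, signature validation or TLS enforcement. The function names `audit` and `local` are the example's own, and the sample input is a trimmed copy of one deployment from the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one deployment trimmed from the configuration in the post.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
  <secure-deployment name="testapp-rest.war">
    <SP entityID="testapprest" sslPolicy="NONE">
      <IDP entityID="idp">
        <SingleSignOnService signRequest="false"
            validateResponseSignature="false"
            validateAssertionSignature="false"
            requestBinding="POST"
            bindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
      </IDP>
    </SP>
  </secure-deployment>
</subsystem>"""

# Attributes that switch off a signing or signature-validation step when "false".
SIGNATURE_FLAGS = ("signRequest", "signResponse", "validateRequestSignature",
                   "validateResponseSignature", "validateAssertionSignature")
URL_ATTRS = ("bindingUrl", "postBindingUrl", "redirectBindingUrl")

def local(tag):
    """Strip the XML namespace so any subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (deployment, element, attribute, value) for each weak setting."""
    findings = []
    root = ET.fromstring(xml_text)
    for dep in root.iter():
        if local(dep.tag) != "secure-deployment":
            continue
        name = dep.get("name", "?")
        for el in dep.iter():
            tag = local(el.tag)
            if tag == "SP" and el.get("sslPolicy", "").upper() == "NONE":
                findings.append((name, tag, "sslPolicy", "NONE"))
            for attr in SIGNATURE_FLAGS:
                if el.get(attr, "").lower() == "false":
                    findings.append((name, tag, attr, "false"))
            for attr in URL_ATTRS:
                if el.get(attr, "").lower().startswith("http://"):
                    findings.append((name, tag, attr, el.get(attr)))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("%s: <%s> %s=%s" % f)
```

Run against the full block from standalone.xml, it reports the same findings for both testapp.war and testapp-rest.war, plus the SingleLogoutService attributes.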