I have received more information from the application team on this topic of SiteMinder protecting Angularjs applications.
1. The current Angular 1.6 version uses a UI Router which calls an API endpoint, retrieves data, and then updates the current view with that data. There is no page refresh. SiteMinder is intercepting this call and returning a page with the data as opposed to just the data itself, which is a problem.
2. The current version of Angular (1.6) puts a “#!” before every URL. Hashes in SiteMinder configuration seem to not work well, especially in login page redirections.
Is SiteMinder designed to adequately protect Angular js applications? We are conducting a proof of concept at the moment but would like some recommendations on integrating SiteMinder with applications built on Angularjs framework.