We are looking for recommended approaches for protecting web applications which use Angular UI routing with CA SiteMinder (SSO). The application team has informed us (the SiteMinder team) that protecting the front-end URLs of their Angular application with SiteMinder will pose some issues with the Angular UI routing. We have previously protected applications that use MVC framework with SiteMinder but Angular appears to be a bit different.
Can anyone share any approaches based on previous experience or knowledge with such implementations?
Would it be possible to share more information on what issue that encounter with following statement from application team?
The application team has informed us (the SiteMinder team) that protecting the front-end URLs of their Angular application with SiteMinder will pose some issues with the Angular UI routing.
I don't have the experience on Angular UI but if we know what the problem that SM contribute to Angular UI routing, it might help to find some workaround.
I agree with Kar Meng, we need more info to be able to help here.
Looking at our support cases, I don't see many customer using Angular JS with SiteMinder.
So, this will be something new for us as well
However, doing some quick google search, other customer seems to have attempted this as well (hopefully successfully)
angularjs - Siteminder SSO + Spring Security + Angular JS - Stack Overflow
Ujwol's Single Sign-On Blog
Thanks for the responses. I am seeking more information from the application team and will follow up when they respond.
I have received more information from the application team on this topic of SiteMinder protecting Angularjs applications.
1. The current Angular 1.6 version uses a UI Router which calls an API endpoint, retrieves data, and then updates the current view with that data. There is no page refresh. SiteMinder is intercepting this call and returning a page with the data as opposed to just the data itself, which is a problem.
2. The current version of Angular (1.6) puts a “#!” before every URL. Hashes in SiteMinder configuration seem to not work well, especially in login page redirections.
Is SiteMinder designed to adequately protect Angular js applications? We are conducting a proof of concept at the moment but would like some recommendations on integrating SiteMinder with applications built on Angularjs framework.
Great to see this post we are also trying to find a good design to do the POC for protecting an Angular application using Siteminder. Do you have any findings/design to share from your POC.