We currently have a shibboleth implementation that protects a certain path. However, because this path is actually an HTTP request (made with an AngularJS app using $http), shibboleth will try to "redirect" this request to the Identity Provider, but the browser simply interprets this as a dead request. It gets returned to AngularJS with status=-1 and no associated headers/data.
I would like to intercept this 302 and instead return a 401, and preferably be able to edit the response headers. Are there any ways to do this using Apache or Shibboleth?
# Proxy all requests to WebLogic <Location "/api"> SetHandler weblogic-handler WLSRequest On WebLogicHost services.endpoint.com WebLogicPort 9002 </Location> # For requests marked as protected, apply shibboleth # If this block gets triggered, Shibboleth attempts redirect # which does not work with our architecture <Location "/api/protected"> AuthType Shibboleth ShibRequireSession On ShibApplicationId default ShibExportAssertion On Require Shibboleth </Location>
How it's used in AngularJS:
//API call to unprotected endpoint $http.get('http://hosted.on.apache.com/api/getData'); //API call to protected endpoint - Shibboleth triggered $http.get('http://hosted.on.apache.com/api/protected/getSecureData');