My angular 4 client is reaching out to a PingFed server for a SAML2 based authentication.
We are using the saml2-js npm module as middleware between the browser and the pingfed server.
When I press the login button to initiate the login process, I am seeing this in my console
Failed to load https://mypingfed-server/idp/startSSO.ping?SAMLRequest=someSAMLpayload: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost:3000' is therefore not allowed access. The response had HTTP status code 500.
This is a GET request a server endpoint that has the saml2-js module loaded. The endpoint sends the request which results in a 302 redirect.
My question is - how do I set the response header attribute on the pingfed saml 2.0 server?
There seems to be no documentation on how set this attribute on the pingfed server.
Also, is this even the right approach? ie. is there a blind spot in my client configuration that is causing this?
It turns out the documentation is here:
According to the documentation, you can configure the server's response headers in the response-header-admin-config.xml file or the response-header-runtime-config.xml.
I've verified that it resolves my problem. The problem was that the server was not returning the needed response headers. It was a CORs problem that was resolved by properly configuring the pingfed server.