SAML Redirect getting CORS error (follow-up)

I have the same set-up as this question: SAML redirect Getting CORS error - Questions / SAML - Okta Developer Community.

For the question above: the resolution was to use user-agent redirect instead of axios redirect. Could someone explain to me how to implement this?

Hi, @markusr! I read the discussion around your post that I mention above. But I am still not clear how you overcame the Axios redirect issues. Sorry, I am sort of new to the web development world and could really use any help.

I solved this and am leaving my steps here in case someone finds them useful. To give some more context: I have an Angular 10 SPA running on my localhost:4200 and I have an Expressjs API running on localhost:5000. When you visit localhost:4200/, I check if you are logged in or not and if you are not, I make a GET call to my localhost:5000/api/auth/sso/saml/login endpoint. That endpoint used to do res.redirect(redirectUrl); which caused the CORS error. So instead, I now do res.send(redirectUrl) and then I take that URL in my Angular app and do window.location.href = redirectUrl;. This will redirect the user in the browser to the IdP login page. Once the user authenticates against the IdP, it is redirected to localhost:5000/api/auth/sso/saml/acs endpoint which builds a JWT and redirects back to localhost:4200/auth-token/:token route. Then in Angular code, I get that token route param and use the token as an Authorization header (Bearer token) for every API call to my localhost:5000.

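The user-agent redirect described in the answer above, as an added example that is not the poster's code. `IDP_ORIGIN`, the SSO URL, and the function names are assumptions; the origin check before navigating is an addition so the SPA only follows a URL that points at the expected IdP.

```javascript
// Constructed placeholder for the IdP; replace with your tenant's origin.
const IDP_ORIGIN = 'https://idp.example.com';

// API side (Express-style handler for GET /api/auth/sso/saml/login).
// Sending the URL as the response body, instead of res.redirect(), means the
// XHR/fetch call never has to follow a cross-origin 302, so no CORS error.
function samlLoginHandler(req, res) {
  const redirectUrl = `${IDP_ORIGIN}/app/sso/saml?RelayState=%2F`; // constructed
  res.send(redirectUrl);
}

// SPA side: accept the returned URL only if it parses and its origin is the
// expected IdP. Rejects javascript: URLs and look-alike hosts.
function checkedRedirectTarget(redirectUrl, allowedOrigin = IDP_ORIGIN) {
  let target;
  try {
    target = new URL(redirectUrl);
  } catch (e) {
    throw new Error('login endpoint returned a malformed URL');
  }
  if (target.origin !== allowedOrigin) {
    throw new Error(`refusing to navigate to unexpected origin ${target.origin}`);
  }
  return target.href;
}

// SPA side: fetch the URL as data, then let the browser itself navigate.
// A top-level navigation is not subject to CORS. In the browser, pass
// window.fetch and window.location; they are parameters here for testing.
async function startSamlLogin(fetchImpl, location) {
  const resp = await fetchImpl('http://localhost:5000/api/auth/sso/saml/login');
  if (!resp.ok) throw new Error(`login endpoint returned ${resp.status}`);
  const href = checkedRedirectTarget((await resp.text()).trim());
  location.href = href;
  return href;
}
```
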
