1

We use SiteMinder authentication in our application.

If app user tries to navigate to a particular page https://ourapp.com/myapp/#/pending/requests in our app via direct URL or via bookmarked URL, SiteMinder will redirect to a login page via 302 redirect similar to http://ourapp.com/login?redirect=https%3A%2F%2Fourapp.com%2Fmyapp%2F#/pending/requests asking for user to enter credential in a login form. After successful authentication, user should be redirected to our app and land on the requested page(/pending/requests).

It's working absolutely fine in Chrome and Firefox. When it comes to IE it's landing on https://ourapp.com/myapp/#/home (default landing page) instead of https://ourapp.com/myapp/#/pending/requests.

I have tried various solutions provided in google search results in our app code like,

  • Removing <base> tag in index.html
  • Adding below lines of code at top of the page
// setting location back
window.location = window.location;

// setting location hash back
window.location.hash = window.location.hash;
  • Few other solutions similar to above

Though this Q & A perfectly makes sense,

I still want to preserve the URL hash fragment in IE even it's 3xx redirect for my requirement...!?

Prathap Reddy
  • 1,688
  • 2
  • 6
  • 18

1 Answers1

1

Answering my own Question

I figured out that after successful authentication, SiteMinder is doing 302 redirection to user requested application page by using login form hidden variable value (where it stores user requested URL /myapp/ - without hash fragment since it won't be sent to the server) with name similar to redirect. Sample form below

Sample login form

Since redirect hidden variable value contains only /myapp/ without hash fragment and it's a 302 redirect, the hash fragment is automatically removed by IE even before coming to our application and whatever the solutions we are trying in our application code are not working out.

IE is redirecting to /myapp/ only and it is landing on default home page of our app https://ourapp.com/myapp/#/home.

Have wasted almost a day to figure out this behavior.

The solution is:

Have changed the login form hidden variable (redirect) value to hold the hash fragment by appending window.location.hash along with existing value. Similar to below code

$(function () {
  var $redirect = $('input[name="redirect"]');
  $redirect.val($redirect.val() + window.location.hash);
});

After this change, the redirect hidden variable is storing user requested URL value as /myapp/#/pending/requests and SiteMinder is redirecting it to /myapp/#/pending/requests in IE.

The above solution is working fine in all the three browsers Chrome, Firefox and IE.

Thanks to @AlexFord for the detailed explanation and providing solution to this issue.

Prathap Reddy
  • 1,688
  • 2
  • 6
  • 18
  • 1
    Thanks for posting the solution to this issue. I suggest you try to mark your own answer to this question after 48 hrs when it is available to mark. It can help other community members in the future in similar kinds of issues. Thanks for your understanding. – Deepak-MSFT Jul 16 '20 at 02:38
  • Do you have a GitHub project that demonstrates the POST behavior in IE vs. Chrome/FF without SiteMinder? I would like to view the issue and compare it. – Carlos Jul 28 '20 at 07:25
  • Apparently, I don't. It's company's **internal application issue** and I have solved it this way after little struggle. Checkout [this question and links posted](https://stackoverflow.com/q/51734295/13907595) in it. Irrespective of authentication flow tools (Not only `SiteMinder`), **IE** exhibits this behavior upon **multiple 302 redirects**. Hope it helps. – Prathap Reddy Jul 28 '20 at 07:46