CSP Security - Static Files + Redirect
Hey InterSystems Community!
I'm trying to get IRIS to serve static files, including security and redirect to login if no session is present.
This is the flow I am trying to accomplish:
- User opens a page, <my-iris-instance>/my-app/index.html, index.html being a static file
- User is redirected to the default IRIS Login page since no session is present
- User logs in
- User gets redirected back to index.html
For CSP applications this seems to work. I can open "http://localhost:52773/csp/sys/sec/%25CSP.UI.Portal.Applications.Web.zen..." in an incognito tab and get redirected to the web application configuration page after login. For static files, this does not work when ServeFiles is set to "3" (Use ISC Security).
Now, I understand that it is expected behavior (snipped from source code of Security.Applications):
/// 3 - Use CSP security - If the user has permissions to view a csp/cls page in this application then allow them to view a static file, if they do not have permissions to view a csp/cls page then return a 404 page not found page.<br>
Property ServeFiles As %Integer;
Now I'm looking for a way to create a smart workaround for this. I would appreciate any suggestions!
A bit of background information:
- The static files are an Angular (9) application; the application itself can be served quite well from IRIS with hash-routing
- The Angular app is supposed to utilize the IRIS Session as authentication method, i.e. the Angular app does not do security on its own, instead relies on IRIS to prevent unauthorized access.
- The target environment does not support containers - static files need to be delivered through IRIS
We do have an implementation already that uses nginx, oauth2-proxy (https://oauth2-proxy.github.io/), IRIS WebGateway and the IRIS OAuth2 Server, and while that works (and fits our security needs), it heavily relies on Docker containers.