Hi All,
I have an environment where I use a number of Vaadin/Spring Boot apps as Micro Frontends to a main Vaadin/Spring Boot app.
I have now added spring security to the main app, (which is a SAML redirect to a different app to provide authentication), but not touched the other apps (yet). The security all works fine if I run the main app on its own (and keep the other apps turned ‘off’), I can navigate between tabs, click on things etc. If I fire up one of the Micro Frontend apps (which are exported by the WebComponentExporter etc) then once logged into the main app (via SAML) as soon as I navigate around and it shows one of the Micro Frontends I get a Spring Security error…
HttpSessionSecurityContext Repository - SecurityContext is empty or contents are anonymous - context will not be stored in a httpSession.
and
SecurityContextPersistenceFilter - SecurityContextHolder now cleared.
Which then stops Vaadin frontend from talking with the backend, due to the session nolonger being authenticated. (I guess).
Has anybody done/seen this before and can give some pointers??
Thanks,
Stuart.