We are using OneLogin SAML authentication for our app, which is written in Python, and we have a replica of the demo-flask app which does the authentication part.
Once the ACS endpoint is called, we store the session in Redis, so that expiration can be checked from there.
For the purpose of explanation, we have set the Redis timeout to 3 mins: app.config['PERMANENT_SESSION_LIFETIME']=1800
Once this time limit is crossed, we once again call the SSO endpoint to verify whether the user is authenticated. All of this works perfectly fine when the request URI is an asset (i.e. any of the images/CSS/JS), but it throws a CORS issue when the request URI is one of the API endpoints (e.g. /getuser).
This is the exact error message:
Access to fetch at 'https://***/trust/saml2/http-redirect/sso/a60817f2-08a3-4c28-a0ce-2b4dbcfe75d6?SAMLRequest=&RelayState=%2Fgetuser' (redirected from 'https://ourwebsite/getuser') from origin 'https://ourwebsite' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
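The error above arises because fetch() silently follows the 302 from /getuser to the IdP, and the IdP's SSO endpoint sends no CORS headers. As an added example (not code from the question or from the demo-flask app), this framework-agnostic WSGI middleware shows the usual fix: a top-level navigation still gets the 302 to the IdP, while a fetch()/XHR caller gets a 401 carrying the login URL so page JavaScript can navigate the whole window. The SSO URL is a placeholder, and the in-memory session dict and the /getuser handler are constructed stand-ins for Redis and the real view.

```python
import json, time
from http.cookies import SimpleCookie
from urllib.parse import quote

SSO_URL = "https://idp.example/trust/saml2/http-redirect/sso/APP-ID-PLACEHOLDER"  # placeholder
SESSION_TTL = 180  # seconds; stands in for the Redis key TTL
SESSIONS = {}      # constructed stand-in for Redis: sid -> expiry timestamp

def store_session(sid, now=None):
    SESSIONS[sid] = (time.time() if now is None else now) + SESSION_TTL
def session_valid(sid, now=None):
    exp = SESSIONS.get(sid)
    return exp is not None and (time.time() if now is None else now) < exp

def is_fetch_request(environ):
    """True for fetch()/XHR calls, False for top-level navigations."""
    mode = environ.get("HTTP_SEC_FETCH_MODE")  # sent by modern browsers
    if mode:
        return mode != "navigate"
    return "text/html" not in environ.get("HTTP_ACCEPT", "")  # older browsers

def login_redirect_url(path):
    # RelayState carries the original path: /getuser -> RelayState=%2Fgetuser
    return f"{SSO_URL}?RelayState={quote(path, safe='')}"

def auth_middleware(app):
    def wrapped(environ, start_response):
        cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        sid = cookie["sid"].value if "sid" in cookie else None
        if session_valid(sid):
            return app(environ, start_response)
        url = login_redirect_url(environ.get("PATH_INFO", "/"))
        if is_fetch_request(environ):
            # A 302 would make fetch() follow the redirect to the IdP and fail CORS
            # there; a 401 carrying the login URL lets page JS navigate the top window.
            body = json.dumps({"error": "session_expired", "login_url": url})
            start_response("401 Unauthorized", [("Content-Type", "application/json")])
            return [body.encode()]
        start_response("302 Found", [("Location", url)])
        return [b""]
    return wrapped

def api_app(environ, start_response):  # stands in for the real /getuser handler
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"user": "demo"}']
app = auth_middleware(api_app)
def call(environ):  # drive `app` with a constructed WSGI environ -> (status, headers, body)
    out = {}
    body = b"".join(app(environ, lambda s, h, e=None: out.update(status=s, headers=dict(h))))
    return out["status"], out["headers"], body
```

On the client, a fetch() wrapper that sees a 401 with a login_url then sets window.location to it, which turns the IdP round trip into a navigation the browser handles without CORS.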