This may be caused by the redirect in doAuth. You only should call next() if the middleware didn’t render anything. this should fix:

function doAuth(req, res, next) {
  if (req.originalUrl.indexOf('/auth/sso/callback') === 0 || req.originalUrl === '/login') {    
    return next();
  }
  if (!req.isAuthenticated()) {
    callback_url = req.originalUrl;
    return res.redirect('/login');
  }
  return next();
}

also 2 things:

Instead of using app.use('*', (request, response, next) => { doAuth(request, response, next); });

you can simply use app.use('*', doAuth);

and set cors and common headers in the begining of the file (or else some routes will not have cors)