With 691 P16 and higher, the loginUser command in our web services API now supports SSO. Refer to the Admin->Web Services page for more details on how to call the command in this case.
The video also demonstrates this functionality
Thanks Sean for demonstrating this! Would this work with a SAML authentication source also? This of course assumes that it's an identity provider initiated setup, where the inbound request would contain a valid SAML assertion. Thanks!
Correct. You can specify any authentication source here. Depending on the auth source, it may expect static credentials in which case you include those in the post content like or it is an auth source like SAML that is going to check for the presence of a SAML assertion in the request.
Thanks Sean for the video. The SAML authentication is not working for us.
We use SamlAuthenticator Type in RSA L&G 7.0P5. The AveksaURL defined in the confuguration (that is protected by SSO) is
aveksaurl = https://myhostname:8443/aveksa/main
The url that is being invoked while using Webservice api is
and it does not invoke the SSO at all. Looks like it is not aligning with what is protected with SSO. So tried to modify the aveksaUrl to
aveksaurl = https://myhostname:8443/aveksa
But with this, the SSO access for the regular UI breaks and webservice invocation is failing too.
What am i missing here?
The most important thing with SAML is that the SAML reponse is for the web service url. So in this case that needs to be for aveksa/command.submit (the web service front door). Most times people just have SSO configured for the aveksa/main (UI front door) and try using a SAML response from the UI incorrectly.
Once you have the SSO configured for both urls, it is a matter of including the SAML response in the body of the post message for the loginUser call with the content type set to x-www-form-urlencoded
Could you please anyone let know is this issue fixed?
There is no issue here to be fixed. May I understand what you are referring to?
I could see that from the above conversation, trying the user with
Try to login user with this getting the error like "Error occurred logging user firstname.lastname@example.org in with authprovider DEVSAMLSSO"
trying to check how this login via webservice is fixed.
The problem with what you mentioned here is that this is not how SAML works.
The way above is if you are using a password-based authentication source, then you would send an XML with username/password in the body. However to login using SAML you would need to provide a valid base64 encoded SAML Assertion in the body as a x-www-form-urlencoded.
Retrieving data ...