Anyone know if it's possible to utilize the token value from a standard Web Agent cookie against the CA provided authentication/authorization web services?
High Level Example
I've got 1 Web Agent application: standard web based application. And I've also got 2x applications hosting up some web services/other functions that I need to call outside of the browser and on behalf of the user.
I've already got an SPS hosting up the authentication and authorization web services for SOAP/REST.
- AuthN/AuthZ SPS (SPS)
- Web Service App (ServiceApp)
- Web Agent App (UserApp)
- 1x Authentication directory
- I access UserApp and log in to obtain SMESSION
- I select resource /myrequests
- UserApp takes the value of SMSESSION and passes to ServiceApp (contains appid + resource)
- ServiceApp forms SOAP and sends token+appid+resource to SPS
- SPS responds with success to ServiceApp (contains username, etc)
- ServiceApp returns requested functions to UserApp (whatever logic is built in)
- UserApp services up content
- I successfully access /myrequests
So, the above doesn't work currently since every time the SMSESSION token value is passed to the Web Services it always denies authorization. IF I pass a Web Services token generated for appid1 --> appid2/3/4..so on, it works fine. But Web Agent token --> Web Services fails. It's not clear exactly what fails or why, but the logs just show 'authentication failed'.
Essentially I want to use the single token value, whether Web Service generated or Web Agent generated.
Am I missing something really obvious? Is this possible?