
How do I use a SAML token (in the transport header) to secure a REST API against LDAP?

Question asked by UoC on Aug 25, 2016
Latest reply on Sep 28, 2016 by UoC

Hello.

We would like to use a SAML token (in the transport header) to secure a REST API returning JSON from the CA API Gateway (v 8.4), e.g. to a JavaScript app.

The solution will use LDAP for Identity and Access management, so the flow is:

- Login/authenticate with LDAP user details (Would this require a Login endpoint/API?)

- App/User is issued SAML Token

- App/User makes request to gateway endpoint (API) with SAML Token and authorises against LDAP attribute

- API returns appropriate response

Could anyone please provide any examples, recommendations or a sample of the policies that are required to do this? I thought there would be recommendations/examples available showing the best practices to do this, but I can’t find them.

This would be greatly appreciated.

Many Thanks,

Paul
