Hi,
first of all thanks for your reply.
Reading the documentation you provided about NTLM, I understood that in this scenario, the NTML authentication would be performed by API Gateway.
In case we would leverage SiteMinder also for OAuth 2.0 authentication process, is the following high-level approach feasible in your opinion?
1. when needed the OAuth Client redirect the user to authenticate. The user will be redirected to the "/auth/oauth/v2/authorize" endpoint but it will be protected by SiteMinder.
2. SiteMinder will authenticate the user and will generate SMSESSION cookie.
3. The /auth/oauth/v2/authorize endpoint will leverage SMSESSION cookie to consider the user authenticated
Does anyone have any suggestion about?
Thanks,
Daniele