The context is we have an IT department that receives hundreds of calls a day from the business. They have many different systems they must interact with, including AD, Exchange, and CA SDM. Instead of having a ton of different windows open, it was requested that we write an ASP.NET application to tie in as many systems as possible so our phone takers can simply enter a little information and have the rest automated for them. So far it has been well received, but they must enter their CA credentials at the start of the session (and again if the session expires).
When we first started looking into interacting with the ticketing system it was determined that the SOAP API would best fit our needs. So that was used to automate things such as ticket creation, user lookup and more. So far it has covered all of the bases and works well in C#. We wrote a class library around it to simplify it further.
Recently the SDM system was upgraded to 14.1 and SSO was enabled. Now the ticketing system is very easy to get into and my users are requesting the same ability using our custom application (which also has SSO so we have the information of the user). Unfortunately I have been unable to find a way to do it. I have seen that certification-based authentication is possible, but our company gets very worried when the word "impersonate" is used. Our security department is very strict on how the systems are allowed to be used. I may revisit the loginServiceManaged method and see if I can get traction as this is the only way I see us able to move forward.
If you do have any other ideas I would love to hear them. I am not opposed to doing some wacky ways to make it work (hence the web request to get a SID to use for SOAP) but I cannot find any other solutions.