AnsweredAssumed Answered

Authenticating a fat-client application in SAML by re-using the Windows Desktop sign in

Question asked by steve.seg on Feb 15, 2017
Latest reply on Feb 24, 2017 by mulvi07

Our product is a fat-client Windows executable running in Windows 7 or Windows 10 desktop.  This fat-client talks to an application server via Web Services.  The application server is protected by Siteminder.  Customers wish to use SAML as the authentication protocol.  This works fine for Web browsers that build in the redirection and SAML support, but is problematic for a fat-client executable. 

 

The user sessions within the Windows 7 and 10 desktop operating system are already authenticated via SAML and Siteminder.  Is there a way we can piggy back on this authentication?  For instance, if our Web Service request comes in to Siteminder from the SC with a Windows header, can we have a Siteminder rule that will strip the authentication information from this Windows request header and inject it into the header of our Web Service request? 

 

The idea is to do this before touching the application server and avoiding any prompt for SAML authentication.  Alternately, is there any other way of leveraging the Windows Security Context for sites using SAML?

Outcomes