I am using Ping federated SSO in our organisation with Siteminder.
I currently have a sub-domain (Windows Server 2012, IIS 8.5 and .NET 4.5 Web Forms) protected fine.
I am looking to expose a REST based endpoint that will allow other sub-domains to hook in to our application.
These other applications are written in a variety of technologies e.g. Angular/Node, Java etc.
I would have assumed the process would be something like:
- Client logs-in from their application (different sub-domain).
- Token is sent from SSO/SM to client app.
- Client app calls our application via REST with a token.
- Our application will validate the user/token against SSO/SM.
Is there any information someone could point me towards to see what our options are ? Our REST application is .NET Web API running in IIS 8.5.
thanks in advance