This content has been marked as final.
Show 2 replies
-
1. Re: Best practice - SAML based authentication and REST APIs
anil.saldhana Jul 31, 2013 1:27 PM (in response to meetoblivion)http://lists.jboss.org/pipermail/security-dev/2013-June/001327.html
This thread has some pointers to one approach we have taken.
-
2. Re: Best practice - SAML based authentication and REST APIs
meetoblivion Aug 12, 2013 8:22 PM (in response to anil.saldhana)Hi
Well, I guess that starts things. So, assuming that I have a client that can reach out to the SAML provider, and receive a token, right now I have to parse the HTML response of Picketlink to get that SAML token. Do I send over the entire token? It would honestly be more efficient (assuming that I am using picketlink as my IDP) if I could hit a REST API in PLink that generates the token and pass that over to the server.