SSO authentication for REST API calls

Cantor, Scott cantor.2 at
Wed May 4 09:42:50 EDT 2016

> How can we authenticate a REST API call using Shibboleth IdP? IdP needs to
> authenticate both users and REST API calls.

Generally speaking you don't. The mechanisms SAML provides for that are not implemented in any REST tools, and that community has chosen OAuth as their solution, lack of security notwithstanding. We don't have OAuth support at present. If we get funding for that, it will likely be worked on at some point.

Our solution for it with SAML is based on the ECP profile and is not documented for V3 at the moment, though it's been implemented.

-- Scott

More information about the users mailing list