SSO authentication for REST API calls

Youssef GHORBAL youssef.ghorbal at
Wed May 4 10:54:02 EDT 2016

> On 04 May 2016, at 15:42, Cantor, Scott <cantor.2 at> wrote:
>> How can we authenticate a REST API call using Shibboleth IdP? IdP needs to
>> authenticate both users and REST API calls.
> Generally speaking you don't. The mechanisms SAML provides for that are not implemented in any REST tools, and that community has chosen OAuth as their solution, lack of security notwithstanding. We don't have OAuth support at present. If we get funding for that, it will likely be worked on at some point.
> Our solution for it with SAML is based on the ECP profile and is not documented for V3 at the moment, though it's been implemented.

Scott, you triggred my curiosity, can I ask for a brief summary (or the general idea) of what was implemented ?
Thank you.


More information about the users mailing list