serve Shibboleth protected API for machine accounts as well

Cantor, Scott cantor.2 at
Mon Apr 11 13:04:16 UTC 2022

On 4/11/22, 8:54 AM, "users on behalf of Marco Lechner via users" <users-bounces at on behalf of users at> wrote:

>    what is the recommended or the default way to access a server-API protected by Shibboleth/SAML2 from
> machine accountes/scripts?

There isn't one, you covered all of the trade offs. Personally I would say certificate authentication is how servers should deal with each other. The world disagrees with me and thinks weak OAuth bearer tokens are the answer (which is why the client_credentials grant is in the next OP release).

-- Scott

More information about the users mailing list