Symantec Access Management

  • 1.  REST based token authentication

    Posted Aug 01, 2017 05:12 AM

    Hi all

    I am using Ping federated SSO in our organisation with Siteminder.

    I currently have a sub-domain (Windows Server 2012, IIS 8.5 and .NET 4.5 Web Forms) protected fine.

    I am looking to expose a REST based endpoint that will allow other sub-domains to hook in to our application.

    These other applications are written in a variety of technologies e.g. Angular/Node, Java etc.

    I would have assumed the process would be something like:

    1. Client logs in from their application (different sub-domain).
    2. Token is sent from SSO/SM to client app.
    3. Client app calls our application via REST with a token.
    4. Our application will validate the user/token against SSO/SM.

    Is there any information someone could point me towards to see what our options are? Our REST application is .NET Web API running in IIS 8.5.

    Thanks in advance



  • 2.  Re: REST based token authentication

    Broadcom Employee
    Posted Aug 03, 2017 10:32 AM

    Hi Sean,

    If your REST based endpoint is a standard URI, then any regular agent can handle the protection already.

    If it is not a standard URI request, then have you looked at the Web Services Security feature in CA SSO?

    Web Services Security Overview - CA Single Sign-On - 12.7 - CA Technologies Documentation

    It may not completely resolve everything you described, but it does provide web service protection.

    It is unclear to me how Ping federated SSO relates to your use case, or what token you were referring to in step 2.

    The WSS agent is different from a regular agent by design, so you may want to hire a CA service solution architect to scope out the requirements and limitations to ensure seamless integration.

    Thanks,

    Hongxu