Rally Software

Expand all | Collapse all

Federated AAA or Back-end API Key provisioning?

Jump to Best Answer
  • 1.  Federated AAA or Back-end API Key provisioning?

    Posted 08-10-2017 11:26 AM

    We're using Agile Central SaaS and are seeking an ideal way of enabling federated authentication with your OAuth Server. We are looking to make API requests on behalf of users. So far it seems that you do not support a Bearer Assertion Flow or any equivalent mechanism to integrate with our existent SSO infrastructure. If you are aware of any such possibilities, please let me know. 

     

    Assuming you don't support federated identity integrations, it seems we have to make our users go through more AAA hoops either using API Keys or a dummy machine account. We need our operations to be specifically authorized based on a user's privileges, so the dummy machine account option is not amenable. Which leads us down the API key path.

     

    We would like to save our users the pain of having to get API Keys. Is there a way to gather a Rally API key via your API's (or a similar back-end method)? Does the process of provisioning an API key absolutely require UI involvement?

     

    Thanks in advance, 

    Lucas



  • 2.  Re: Federated AAA or Back-end API Key provisioning?
    Best Answer

    Posted 08-11-2017 12:52 PM

    Posting the response from the support case and the other thread on this issue: 

     

    API key authentication is not supported through SSO and the only mechanism within that framework is by utilization of the exceptions list whereby the API username is added to that 'whitelist'. There are currently no plans in place to integrate saml authentication through API keys. 

     

    Additionally because there is no public endpoint to generate an API key this too must be handled through the application user interface. 

     

    I direct you to FAQ #10 and the links: Set up Single Sign-On (SSO) | CA Agile Central Help   

     

    I'm sorry that this functionality is not available but I encourage you to submit the idea as a request for enhancement at https://ideas.rallydev.com