Layer 7 API Management

Expand all | Collapse all

Can the "Require SAML token profile" assertion work with REST calls?

Jump to Best Answer
  • 1.  Can the "Require SAML token profile" assertion work with REST calls?

    Posted 03-16-2017 10:49 PM

    I would like to use SAML based identity propagation when with the RESTMan API. The application making the RESTMan call has the correct SAML token with the appropriate identity already available and can pass it via a HTTP header.

     

    My plan was to modify the default RESTMan policy and introduce the "Require SAML Token Profile" assertion to it as an additional authentication method, but to my dismay, I do not see a way to specify where the SAML token processed by this assertion should be fetched from! This leads me to believe that the said assertion can only be used with SOAP calls, possibly using the wsman API instead of RESTMan. I have already built out the integration using RESTMan and would prefer not to switch to wsman.

     

    Is there a way to specify the source of the SAML that should be processed by the said assertion? Any other way that I can process the principal and groups on the SAML token so that the identity on it can later be used by the "Authenticate Against Identity Provider" assertion? Any help would be greatly appreciated! Thanks.



  • 2.  Re: Can the "Require SAML token profile" assertion work with REST calls?
    Best Answer

    Posted 03-17-2017 04:20 PM

    You can right-click the assertion and select a target message, as documented here:

    Select a Target Message - CA API Gateway - 8.3 - CA Technologies Documentation 



  • 3.  Re: Can the "Require SAML token profile" assertion work with REST calls?

    Posted 03-17-2017 04:26 PM

    Yikes, not sure how I missed that! I can see that this allows me to select a context variable that contains the SAML which is exactly what I need. Thanks a million!