Alright, so hoping someone has used this before... So we got the SPS AuthN/AuthZ Web Services up and working fine with User ID + Passwords.
However, we're trying to expand it so that the AuthN service could do certificate-based auth. This would generate a session token based on some signature value.
Problem is, I can't seem to find any documentation on doing that. The documents hint that you should protect the Web Services themselves with x509 - but don't tell you how - and say nothing on whether you 'can' further authenticate a signature within the request content to generate a session token for that identity. There's a <binarycreds></binarycreds> but again I don't see any details on what exactly that can be used for, just vague references that it can be extended for other auth methods but no guides O_o.
Primarily using the Wiki and Googling for docs, so if there's anything better I'm all up for reading it - https://wiki.ca.com/display/sm1252sp1/Configuring+the+Authentication+and+Authorization+Web+Services#ConfiguringtheAuthenticationandAuthorizationWebServices-ProtecttheWebServices
Basically, what is needed is:
1 - Service A authenticates to SPS Web Service using x509
2 - Service A passes the content of the message with a signed doc????
3 - SPS AuthN Service validates signature/cert and returns session token for that identity
Item 1 shouldn't be too crazy I don't think, but on item 2 I'm kind of stuck on 'how' to proceed. Just stick the signature/cert in binarycreds, or something else? Sign the message with the user key and pass the cert?
Any clue if this is even possible and, if so, pointers on how to set it up or better docs from CA?
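As an added illustration that is not from the original post or from CA's SPS product, the sketch below models steps 2 and 3 of the flow in the abstract with the Python `cryptography` library: a constructed test CA and client certificate, a detached signature over the request body, and a verifier that checks issuer, validity window, chain signature and body signature before minting an HMAC session token for the certificate's subject. The SPS web-service wire format and binarycreds are not modelled, and every name here (make_cert, sign_request, authenticate, the token layout) is an assumption of this example.

```python
import datetime as dt
import hmac, hashlib, secrets
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

def make_cert(cn, key, issuer_cert=None, issuer_key=None):
    # Minimal X.509 certificate; self-signed when no issuer is given (constructed test PKI).
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = dt.datetime.now(dt.timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(name)
               .issuer_name(issuer_cert.subject if issuer_cert else name)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - dt.timedelta(minutes=1))
               .not_valid_after(now + dt.timedelta(hours=1)))
    return builder.sign(issuer_key or key, hashes.SHA256())

CA_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
CA_CERT = make_cert("Test CA", CA_KEY)                  # trust anchor held by the AuthN side
CLIENT_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
CLIENT_CERT = make_cert("service-a", CLIENT_KEY, CA_CERT, CA_KEY)
TOKEN_KEY = secrets.token_bytes(32)                     # server-only secret for minting tokens

def sign_request(body: bytes, key) -> bytes:
    # Step 2, client side: detached signature over the exact request content.
    return key.sign(body, padding.PKCS1v15(), hashes.SHA256())

def authenticate(body: bytes, sig: bytes, cert: x509.Certificate):
    # Step 3, server side: return (identity, session_token) or None on any failure.
    now = dt.datetime.now(dt.timezone.utc)
    nb = getattr(cert, "not_valid_before_utc", None) or cert.not_valid_before.replace(tzinfo=dt.timezone.utc)
    na = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=dt.timezone.utc)
    if cert.issuer != CA_CERT.subject or not (nb <= now <= na):
        return None                                     # untrusted issuer or outside validity window
    try:
        # Chain check: the CA's key must have signed this certificate ...
        CA_CERT.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    padding.PKCS1v15(), cert.signature_hash_algorithm)
        # ... and the certificate's key must have signed the request body.
        cert.public_key().verify(sig, body, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        return None
    identity = cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    expiry = int(now.timestamp()) + 900                 # 15-minute token (constructed format)
    payload = f"{identity}|{expiry}|{secrets.token_hex(8)}".encode()
    mac = hmac.new(TOKEN_KEY, payload, hashlib.sha256).hexdigest()
    return identity, payload.decode() + "|" + mac
```

A real deployment would also check revocation and key usage, and bind the token to the session rather than returning it as a bare string.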