[midPoint] REST authentication

Petr Gašparík - AMI Praha a.s. petr.gasparik at ami.cz
Thu Dec 8 11:40:39 CET 2016


Hi Pertti,
My common approach is to create application user in midPoint, that is used
to call midPoint. Advantage is that you can limit privileges/rights to this
user.

Is that suitable for you? Do you need to call midPoint on behalf of
particular user?

regards, Petr

--

s pozdravem

Petr Gašparík
solution architect

gsm: [+420] 603 523 860
e-mail: petr.gasparik at ami.cz


AMI Praha a.s.
Pláničkova 11
162 00 Praha 6
tel.: [+420] 274 783 239
web: www.ami.cz


[image: AMI Praha a.s.]

[image: AMI Praha a.s.]
<http://www.ami.cz/reseni-a-sluzby/bezpecnost-dat/audit-roli-a-opravneni-sap>

Textem tohoto e-mailu podepisující neslibuje uzavřít ani neuzavírá za
společnost AMI Praha a.s.
jakoukoliv smlouvu. Každá smlouva, pokud bude uzavřena, musí mít výhradně
písemnou formu.


2016-12-08 10:43 GMT+01:00 Pertti Kellomäki <pertti.kellomaki at datactica.fi>:

> Hi Petr,
>
> 8.12.2016, 10:51, Petr Gašparík - AMI Praha a.s. kirjoitti:
>
> REST API does not work with browser, so what is the concept of "SSO" here?
>>
>
> The setup is that there is an existing web application where the user
> interacts with the application using a browser. The application uses an
> external identity provider to authenticate the user, and the calls to the
> midPoint REST api come from the backend of the application. There is a 1:1
> correspondance between users in the identity provider and users in
> midPoint. "SSO" may not be the technically correct term here, but anyway I
> would like to let the application backend use midPoint REST api as the
> authenticated user. There is an Apache httpd in front of midPoint, so it
> can be used for verifying tokens or similar tasks.
>
>
> Pertti
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.evolveum.com/pipermail/midpoint/attachments/20161208/59bdd500/attachment-0001.html>


More information about the midPoint mailing list