John Healey (healj)
Principal System Architect
Pegasystems Inc.
Posted: July 4, 2019
Last activity: July 4, 2019

Getting a second SAML Assertion for system integration

Hi. Our client is looking to improve the security and authorisation model for the integration with their service gateway to SAP. Currently our system integrations are using basic authentication with a generic username and password, and passing the current username as an additional attribute for audit purposes only. This does not support the pattern of fine-grained authorisation they require. However, the Pega user is authenticated by ADFS single sign-on using SAML.

The client's teams have completed a proof-of-concept that is based on Pega forwarding a SAML Assertion to their Gateway tier. Unfortunately this is not the Assertion that is currently granted for the Pega application in our existing SAML SSO integration, but is another for the same user defined by the SAP application in ADFS.

Can anyone suggest how we can retrieve a second SAML Assertion to forward to a web service API? As I understand it this will require a web page redirect, rather than a server-side request.

Data Integration Security