SSO authentication over SOAP

We're looking at options for integrating our application with TechDoc, probably via TechDoc's SOAP web services.

Our application, like our TechDoc installation, is integrated with our single sign-on (SSO) infrastructure. When users visit TechDoc in their web browser, they're just redirected through the SSO site, which provides them an SSO token that TechDoc validates to grant them access.

Could this same SSO token be used to authenticate the user via SOAP? If so, our application should, hopefully, then be able to authenticate itself as the user, with all - and only - the appropriate permissions, in order to interact with TechDoc on the user's behalf. If this is possible, how would we need to format the SOAP request to incorporate the SSO token?

Thanks!

-Brandon :)

Comments

Joey Prevo

Fri, 03/06/2015 - 11:45

Currently we do not have a method to authenticate with SSO via TechDoc SOAP services due to the complex nature of SSO and the fact that a web browser is needed for most users to obtain the initial credential token. We do have an internal method that we use currently in the TechDoc Client application that displays a Firefox portable browser in a separate process that goes through the SSO process and hands the token back to the client software upon completion. From there the TechDoc Client can utilize the token with our internal REST-based protocol.

There has not really been a need up to this point to expose this type of functionality to SOAP. Just as most applications expect you to create a service account for use by the interfacing application, we recommend that a TechDoc User account be created so that standard TechDoc authentication may be used. While the Firefox portable browser serves us well, it does take a lot of work constantly keeping it up to date; this would be an ongoing task for the 3rd party software to stay up to date.

What type of software will you be interfacing with TechDoc?

Is it desired that the software interface be able to work on the user's behalf for more than one user account?

Joe Prevo

The standard way to support something like this would be for the TechDoc SOAP Services to support a SAML assertion in the WSSE section of the SOAP envelope. However, none of our customers currently support this ability in their SAML infrastructure. Should they add that ability and request us to support it, we would definitely consider adding the capability on our side. We don't add features until there is a need for them since standards keep changing and evolving; we would have to continue to maintain and update a feature that no one is using.

FYI, if you are unfamiliar with SAML Assertions in SOAP services, here is a decent explanation of how they usually look and work. If we add the support at some point, it would probably work similarly to this.
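To make the "SAML assertion in the WSSE section of the SOAP envelope" idea concrete, here is an added example (not TechDoc code, and not something the TechDoc SOAP services accept today per the thread): it builds a SOAP 1.1 envelope carrying a SAML 2.0 assertion in `wsse:Security`, then runs the condition checks a receiving service would apply. The issuer URL, audience value, user name and function names are assumptions, and the assertion is constructed and unsigned.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
FMT = "%Y-%m-%dT%H:%M:%SZ"
def q(prefix, tag):
    return "{%s}%s" % (NS[prefix], tag)
def build_envelope(user, audience, issued, lifetime_s=300):
    """Constructed, UNSIGNED assertion carried in soap:Header/wsse:Security."""
    env = ET.Element(q("soap", "Envelope"))
    sec = ET.SubElement(ET.SubElement(env, q("soap", "Header")), q("wsse", "Security"))
    a = ET.SubElement(sec, q("saml", "Assertion"), {
        "Version": "2.0", "ID": "_constructed-id", "IssueInstant": issued.strftime(FMT)})
    ET.SubElement(a, q("saml", "Issuer")).text = "https://sso.example.invalid"  # assumed IdP
    subject = ET.SubElement(a, q("saml", "Subject"))
    ET.SubElement(subject, q("saml", "NameID")).text = user
    cond = ET.SubElement(a, q("saml", "Conditions"), {
        "NotBefore": issued.strftime(FMT),
        "NotOnOrAfter": (issued + timedelta(seconds=lifetime_s)).strftime(FMT)})
    restriction = ET.SubElement(cond, q("saml", "AudienceRestriction"))
    ET.SubElement(restriction, q("saml", "Audience")).text = audience
    ET.SubElement(env, q("soap", "Body"))  # the service operation would go here
    return ET.tostring(env, encoding="unicode")

def check_assertion(envelope_xml, expected_audience, now):
    """Service-side condition checks; returns the subject or raises ValueError.
    Not shown: XML signature verification against the IdP cert, hardened parsing."""
    env = ET.fromstring(envelope_xml)
    found = env.findall("soap:Header/wsse:Security/saml:Assertion", NS)
    if len(found) != 1:
        raise ValueError("expected exactly one assertion in wsse:Security")
    cond = found[0].find("saml:Conditions", NS)
    name_id = found[0].find("saml:Subject/saml:NameID", NS)
    if cond is None or name_id is None or not name_id.text:
        raise ValueError("assertion lacks Conditions or Subject/NameID")
    try:
        start, end = (datetime.strptime(cond.get(k, ""), FMT).replace(tzinfo=timezone.utc)
                      for k in ("NotBefore", "NotOnOrAfter"))
    except ValueError:
        raise ValueError("missing or malformed validity window")
    if not (start <= now < end):
        raise ValueError("assertion outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not issued for this service")
    return name_id.text
```

The audience and validity-window checks are what keep an assertion issued for one service, or captured earlier, from being replayed against another; they only mean something once the signature over the assertion has been verified.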