We're looking at options for integrating our application with TechDoc, probably via TechDoc's SOAP web services.
Our application, like our TechDoc installation, is integrated with our single sign-on (SSO) infrastructure. When users visit TechDoc in their web browser, they're just redirected through the SSO site, which provides them an SSO token that TechDoc validates to grant them access.
Could this same SSO token be used to authenticate the user via SOAP? If so, our application should, hopefully, then be able to authenticate itself as the user, with all - and only - the appropriate permissions, in order to interact with TechDoc on the user's behalf. If this is possible, how would we need to format the SOAP request to incorporate the SSO token?
Thanks!
-Brandon :)
Comments
Joey Prevo
Not at this time but...
Fri, 03/06/2015 - 11:45Currently we do not have a method to authenticate with SSO via TechDoc SOAP services due to the complex nature of SSO and the fact that a web browser is needed for most users to obtain the initial credential token. We do have a internal method that we use currently in the TechDoc Client application that displays a Firefox portable browser in a separate process that goes through the SSO process and hands the token back to the client software upon completion. From there the TechDoc Client can utilize the token with our internal REST based protocol.
There has not really been a need up to this point to expose this type of functionality to SOAP. Just as most applications expect you to create a service account for use by the interfacing application, we recommend that a TechDoc User account be created so that standard TechDoc authentication may be used. While the Firefox portable browser serves us well, it does take a lot of work constantly keeping it up to date; this would be an ongoing task for the 3rd party software to stay up to date.
What type of software will you be interfacing with TechDoc?
Is it desired that the software interface be able to work on the user's behalf for more than one user account?
Joe Prevo
No SAML Assertions in TechDoc SOAP Services yet...
Fri, 03/06/2015 - 13:18The standard way to support something like this would be for the TechDoc SOAP Services to support a SAML assertion in the WSSE section of the SOAP envelop. However, none of our customers currently support this ability in their SAML infrastructure. Should they add that ability and request us to support it, we would definitely considering adding the capability on our side. We don't add features until there is a need for them since standards keep changing and evolving; we would have to continue to maintain and update a feature that no one is using.
FYI, if you are unfamiliar with SAML Assertions in SOAP services, here is a decent explanation of how they usually look and work. If we add the support at some point, it would probably work similar to this.