Hi IAM team,

As a part of my third-party web application implementation to add users and roles, I would like to try if the logged-in admin user can perform the relevant activity within the app.

In order to test login to the web app, I will be using the SAML POST binding as well as the Redirect binding. When I use the POST binding, I can capture the user name and password and generate a Basic authentication token, retrieving it from the servlet request.

My question is:

1. If I use the Redirect binding, since the IDP can be any application like WSO2 IS, Facebook, Salesforce, etc.:
   *(a)* Is it a valid use case to use the logged-in admin user's credentials to generate an auth token?
   *(b)* Or should I hard-code one particular admin user's credentials or auth token, which is configured as admin for the third-party web app, to perform the relevant activities?
2. If *(a)* is valid, how can I retrieve it from the session? I can retrieve the username from the SAML2SSO session, but my question is how to retrieve the password to generate the auth token.

Appreciate your response.

Thanks,
--
*Ushani Balasooriya*
Associate Technical Lead - EE; WSO2 Inc; http://www.wso2.com/
Mobile; +94772636796