Forum Discussion

Kevin_Davies's avatar
Kevin_Davies
Icon for Nacreous rankNacreous
Feb 22, 2026
Solved

API Pre-Authentication

Some time ago I was dealing with legacy web applications being retrofitted with modern authentication. As you can imagine this opens up a world of pain when the developers of said applications have l...
API
application delivery
authentication
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Feb 25, 2026

    Ok then APM will definetely could do the work and provide any authentication method translation.

Kevin_Davies's avatar
Kevin_Davies
Icon for Nacreous rankNacreous
Feb 22, 2026

Not both. The first form of auth to web application front door was SAML. The second form of auth to the proxy was a JWT. The third form which I didnt discuss was an OAuth/OIDC mechanisim between the Proxy and the IDP used to get the JWT for the Proxy. As the IDP was the source of the original SAML authentication the proxy simply needed to go back to the same IDP and the user would be recognised as being logged in.

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for MVP rankMVP
Feb 22, 2026

Oauth saml bearer assertion flow might also been used in this case. So saml assertion could be exchanged for an access token.

  • Kevin_Davies's avatar
    Kevin_Davies
    Icon for Nacreous rankNacreous
    Feb 22, 2026

    If only it was supported.

    • Injeyan_Kostas's avatar
      Injeyan_Kostas
      Icon for MVP rankMVP
      Feb 22, 2026

      Ok then why not switching saml auth to oauth?

      • Kevin_Davies's avatar
        Kevin_Davies
        Icon for Nacreous rankNacreous
        Feb 25, 2026

        Server application does not support oauth.