Forum Discussion
CirrusSSO login for APM Profiles
CirrusThanks for the response. SAML is only 1 Policy/Profile with multiple IdP/SP Partnerships associated.
We only act as an IdP
I am not clear on how we would Federate our OAuth AS with our SAML Policy. Are you saying to Authenticate into OAuth using SAML?
NacreousOk, so you have one Saml Policy and one OAuth policy right?
One option is indeed to federate this Oauth Policy with the Saml one using Saml again. So Saml policy will actually be you main policy.
Another one might be set Scope to Global in Both policies. Did you tried that?
For this to work I guess, i have not tried this, you have to setup also domain cookie and of course serve both policies under the same domain
- BGill__CISSP__C
Correct, 1 of each Profile/Policy
I did attempt to set Scope to Global and it didn't have any effect. It would still be a big improvement if we could get OAuth to work the way SAML is. Once authenticated into the SAML Profile, I can go directly through to any of our other partnerships without form authentication again. With OAuth, I have to form authenticate into each client.
- Injeyan_Kostas
Thats because all you SAML SP configs are under the same policy.
Oauth profile thought is a separate one and actually every oauth session is termnated after you get the token
Did you set up domain cookie after setting scope to global?
So in your case I believe that federatinng Oauth policy with SAML to your Saml policy would make more sense on what you are trying to achieve- BGill__CISSP__C
I don't think that it's worth complicating our solution with an extra Federation. It sounds like it might not be possible to do what we are wanting to. I am also looking into using NTLM for Authentication, that might be a cleaner solution.
