JustCooLpOOLe
Nov 10, 2022Cirrocumulus
Smart card authentication (i.e. CAC) and SAML for API Authentication
Just throwing this out there...
Considering you want to have systems and processes querying an API and you wanted to implement the BIG-IP as the Identity Provider using SAML but you also have a requirement where smart card authentication is a requirement. I've never seen anyone successfully query an API where on-demand cert auth was implemented.
Example: Process queries API -> API redirects to BIG-IP as Idp -> BIG-IP asks client for certificate (on-demand cert auth) -> Creds on certificate validated with LDAP query -> BIG-IP sends client back to API -> Client gets data
When client uses a browser, we implement that today with services but not sure about programmatic processes and APIs if that is even possible.