REST API behind SAML with 3-Legged OAuth

We have 3-legged OAuth working to access the REST API for Confluence Server / Cloud. Unfortunately for our clients using SAML, when we issue the API call to fetch the request token (see https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication), our servers receive a 302 redirect to authenticate via SAML.

What is the recommended way to handle REST API calls behind SAML? How unique are the flows depending on SAML provider?

Thanks and apologies in advance as I'm not very familiar with SAML.

1 answer

0 votes

Hi Andy,

The similar question has been answered in How to use Jira rest api if it uses SAML and SSO.
On top of that, based on the answer from Jira Rest API Single Sign On Authentication - you can configure your SSO to exclude REST URLs.
You can also use Cookie-based Authentication which will authentication your user to SAML and then you can reuse the Cookie for all of your REST URLs. Cookies will have an expiry date, but you also set them not to expire as well.

I hope that this helps!

Cheers!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.