<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009B8oqrCABOkta Classic EngineAuthenticationAnswered2024-06-19T09:53:36.000Z2023-05-17T15:45:56.000Z2023-05-17T16:39:22.000Z

ljmrr (ljmrr) asked a question.

May 17, 2023 at 3:45 PM
Authentication to be used for a SOAP API when switched to OKTA and clients of the API should not know about it

Hi I have a scenario where, I have a SOAP WebService API . The client applications currently use a username/password mechanism which is authenticated against LDAP by ISAM. I would like to have a seamless experience for the clients so that clients should not know we have switched to OKTA but at the same time the incoming requests to the SOAP API must also be authenticated via OKTA. What is the auth mechanism available in this scenario, so that clients shouldn't have to do anything when migrated.

  • 1 answer
  • 802 views
ljmrr likes this.

  • NiallM.34104 (Atlas Identity)

    You have a couple of things to consider.

    1. The SOAP WebService API. It has authentication requirements. What are they ? Okta will use SSO standards, but for APIs the prevailing wind is OpenID Connect. So you need to consider what the API capabilities are for that authentication. If you are limited to basic authentication ( username/password ) you may want to take a look at Okta Access Gateway which is a close proxy for ISAM ( TAM ) and provides options to authentication using old school headers, basic authn etc.
    2. If it's ISAM, I'm assuming it's also ITDS as the LDAP ? You can configure Okta to point to an LDAP for authentication so your user 'migration' will be less of a headache.

     

    So you can get users authenticating to Okta easily. You need to focus on getting those authenticated users to use a supported authentication mechanism for your API

    Expand Post
This question is closed.
Loading
Authentication to be used for a SOAP API when switched to OKTA and clients of the API should not know about it