Hi. Our client is looking to improve the security and authorisation model for the integration with their service gateway to SAP. Currently our system integrations are using basic authentication with a generic username and password, and passing the current username as an additional attribute for audit purposes only. This does not support the pattern of fine-grained authorisation they require. However, the Pega user is authenticated by ADFS single sign-on using SAML.
The client's teams have completed a proof-of-concept that is based on Pega forwarding a SAML Assertion to their Gateway tier. Unfortunately this is not the Assertion that is currently granted for the Pega application in our existing SAML SSO integration, but is another for the same user defined by the SAP application in ADFS.
Can anyone suggest how we can retrieve a second SAML Assertion to forward to a web service API? As I understand it, this will require a web page redirect rather than a server-side request.