J. wrote:
Hi,
Well, I am a bit confused what you even want to achieve.
exposing validations of passwords to 3rd parties is a no-no in my book.
Unless you are 125% sure the network is safe etc, you might think of exposing a webservice that will have 2 input parameters where in the action you do the validatepassword...
but tbh I would reconsider the architecture of the whole process
Hi J.,
thank you for your response.
The idea it's to implement a SAML "hybrid" authentication where a third party prompts a form where the user just type the password (the username it's already pre populated passed through SAML) the third party systems validate the username and password with the ones stored on their systems (provided by us) and if the user has a valid username and password that response will be sent to us through a SAML response and we will decode the response and login the user in our OS app.
I understand your reluctancy with this process...but is this technically possible to achieve without using a webservice? We have access to password utilities extension from ousystems right? The only thing is to know if that code will work in a third party system....
Cheers