Does anyone have experience with making get and post calls against the Anaplan API after implementing SSO (SAML 2.0)?
Before we setup SSO, I was able to pass my "username:password" credentials in Base64 to authenticate against the Anaplan REST API and make get + post calls successfully.
Now, when I pass the same credentials I get a bad response from the REST API. I've spoken with my internal network admin and it sounds like setting up a service account is the best solution?
Can anyone confirm if this is true or not?
I know it's been a while since you posted this message. However, is the user you're trying to auth against an "exception user"? If not, this is a requirement in order for a non-sso user to come in the front door making connect and/or API calls. As there really isn't a way to auth via SSO easily.
Just an additional note, we currently support only basic and certificate authentication, which require authenticating directly with our platform. Token auth. is on the roadmap, but no plans for SSO authentication at this time as far as I'm aware.
Certificate based auth is absolutely the best way to go, regardless of SSO integration. Super easy, secure and very flexible.
This is very true, certificate authentication is the best way to go. We have a few articles in the community that provide steps for using certificates if you're using a connector that doesn't natively support importing your certificate, or a custom API solution.
I would strongly advise using Python, or something similar to decode and encode the certificate so you're not plugging your certificate information into an online encoding/decoding tool. Attached is a snippet of the Python code I use for this purpose.
Do you know when will the SSO authentication for API be supported as a formal integration pattern. From a security prespective, SSO authentication is more fool-proof than certificate based authentication and management of users is more federated than having a need to setup an external user.
As far as I'm aware, this isn't on our roadmap. I'm confirming with the product manager now, and will update once I have a response.
I just got back a message from the product owner on this. SAML is for web sessions, but not APIs. We are considering adding OAuth on the roadmap, but must implement a few architectural changes before that can happen.