I'm planning to use CBA to do authentication and authorization to a document library. For example, if you have the claim type 'location' equal to 'London' then you are granted access to a folder. Simple, and it works great from the out-of-the-box web browser interface.
The question is, can the Web Services interfaces also accept a signed SAML token and use those attributes to do authentication and authorization? I would prefer to use the CMIS interface where possible. I understand that the web services are based on WCF, which leads me to believe I can just modify the web.config to add in WCF directives for ws2007HttpBinding->security->message, but will the SP web services code respond by using the identity in the message?
What I have noticed so far is that the CMIS interface has directives for impersonation only. Since CBA identities do not map to Windows accounts, I think I'm barking up the wrong tree. I'm not dead set on CMIS, so if there are other web services available to do CBA, I'm all ears.
There's not a lot of practical material on this, and I'm currently working on a PoC to achieve this goal. Any help would be greatly appreciated.