Idea ID: 2878138

IDM REST Driver certificate based authentication

Status: Accepted

The REST driver provides a flexible generic connection between IDM and a connected application supporting a REST API. It provides out of the box a number of useful configuration options to authenticate to a whole suite of different endpoints using different authentication methods. One method which is really important and appears to be missing from the default configuration options is Certificate Based Authentication (CBA), which is becoming increasingly important as a strong modern authentication method.

 

OpenText support and provide the option to use CBA as part of other drivers (e.g. the Azure Driver), but this is not currently supported as part of the REST driver. As a customer we have a requirement to authenticate an existing REST driver to Azure using CBA in order to move away from older authentication methods. This has become critical. On investigation and discussions with support it appears that CBA is not currently supported on the REST shim, although the Azure driver, which implements a number of the REST driver capabilities, does have this functionality. This enhancement request is to provide support for certificate based authentication on the REST driver shim, to allow the already useful tool to become much more flexible and support strong modern authentication. A number of customers currently have technical limitations that prevent the use of the Azure shim, and instead use their own implementations through the REST driver and Graph API, so I believe this could be very beneficial to a number of organizations who want to use CBA.

Parents Comment
  • Hi Philipp,

    Certificate Based Authentication (CBA) is the approach often used by Azure/Entra apps to connect securely to the Graph API. It differs from traditional Mutual Auth cert methods, which I don't believe Graph supports (I may be wrong on that one). Whilst Mutual Auth is supported on the REST driver, CBA is not currently. However, the capability should be there, as the Azure Driver for example currently supports this method, as it is fast becoming one of the preferred auth methods for Azure based apps. Many IDM customers use the REST driver and Graph to implement their own custom approach for Azure due to the flexibility, so it seems like a good idea to extend the REST driver to support this modern authentication method.
