Accepted, Not Yet Planned

It is not secure to share user identity with other applications. So the requested idea will not be implemented in the way it is described. What we're considering instead is implementing some kind of Application identities that can be configured to be granted to use, for example, CoreService API. The custom application will use that App identity to perform requests to CoreService.

The use case is valid and SDL will consider it as part of the future enhancements to security-related features of SDL Tridion, but it will be implemented in some other form.

Allow SAML Authentication to work across (sub) CM web applications

Currently it is not possible to use SAML authentication over a wider scope than just the WebUI web application on the Content Manager (see https://tridion.stackexchange.com/a/19604/54). It would be good if this could be extended to, for example custom pages, running in their own application context under the main SDL Web IIS web application.

Will Price

  • Make sure that you consider the need to apply Tridion authorisations for actions triggered from custom applications. Many custom pages use the core service to allow users to manipulate CM items. It is thus important that the application user can mimic actual user context and thus have the same group membership claims. Otherwise this is not much better than turning authentication off and using a system account.