My company has developed an integration with WebEx Training Center. Currently we require users to provide their WebEx username and password, which we then include in each API call. This does not work for WebEx sites that are configured to use SAML single sign-on however. We're investigating the possibility of supporting WebEx with SAML, and we have the below technical questions. The XML API 9.0 Release Notes refer to “OAuth access tokens” and “one time login tickets.” Are these available on all WebEx sites? How do we tell whether they are available for a specific site? Are they the same thing? Where can we find documentation on how to use them? How do we tell whether a specific site is considered to be a “Common Identity site?” If we need to pass a SAML assertion to authenticate the API calls, what are the constraints on this? Is a specific Audience required? Are NotBefore and/or NotOnOrAfter conditions required? Are there any constraints on the IssueInstant and/or AuthnInstant ? Must the assertion be signed? If so, must the signing key be the same one used for SSO? Must the NameID (or other attribute) match the supplied webExID ? Thanks in advance for any and all help!
... View more