Hello,
this use case is not covered by the actual implementation of SAML for Bonita.
But you may try one of the following solutions (I have no time to test them for the moment):
Solution 1:
- Edit the Bonita web.xml file to add the API URL pattern to the SAML filter,
<filter-mapping>
    <filter-name>SAMLFilter</filter-name>
    ...
    <url-pattern>/API/*</url-pattern>
    ...
</filter-mapping>
- then verify that your Bonita platform is well configured for CORS
(see https://documentation.bonitasoft.com/bonita/7.11/enable-cors-in-tomcat-bundle
and https://community.bonitasoft.com/blog/manage-web-browsers-new-cors-behavior )
This solution would be the best and may work without a custom SAML filter implementation.
The only bad side effect is that if the session has timed out, the API call would return the IDP login page. So you may need to handle this in the web application that triggers the API call.
Solution 2:
This one is more Bonita-oriented.
- You could create a custom page "Bonita-related-information-page" that displays the information you need,
- verify that this page will be available for all the users you need
(Create a dedicated profile? Or add this page as an orphan page in a Living Application?).
- include an iframe in your web application that targets the "Bonita-related-information-page"
Using this solution, you don't need any extra SAML configuration, nor any CORS configuration.
Let me know if one of those solutions works for you,
Julien.
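
An added example, not part of Julien's answer or of Bonita's code: one way the calling web application could detect the side effect described in Solution 1, where an API call comes back as the IdP login page instead of JSON. `BONITA_ORIGIN` and both function names are assumptions made for the illustration.

```javascript
// Placeholder origin of the Bonita platform (assumption, not from the post).
const BONITA_ORIGIN = 'https://bonita.example.com';

// Classify a fetch Response (or Response-like object) from a /API/* call.
// Returns 'ok', 'login-required' or 'error'.
function classifyApiResponse(resp, apiOrigin = BONITA_ORIGIN) {
  // With redirect: 'manual', a redirect (e.g. towards the IdP) is opaque.
  if (resp.type === 'opaqueredirect') return 'login-required';
  if (resp.status === 401) return 'login-required';
  // A followed redirect that ended on another origin: we landed on the IdP.
  if (resp.redirected && resp.url && new URL(resp.url).origin !== apiOrigin) {
    return 'login-required';
  }
  const ctype = (resp.headers.get('content-type') || '').toLowerCase();
  // HTML where JSON was expected: a login page or auto-submit SAML form.
  if (resp.ok && ctype.startsWith('text/html')) return 'login-required';
  if (resp.ok && ctype.includes('json')) return 'ok';
  return 'error';
}

// Call the API with the session cookie and never parse a login page as data.
async function callBonitaApi(path, fetchImpl = fetch) {
  let resp;
  try {
    resp = await fetchImpl(BONITA_ORIGIN + path, {
      credentials: 'include',            // send the Bonita session cookie (needs CORS)
      redirect: 'manual',                // do not silently follow a redirect to the IdP
      headers: { Accept: 'application/json' },
    });
  } catch (e) {
    // Network or CORS failure: nothing more can be told from the browser side.
    return { state: 'error', data: null };
  }
  const state = classifyApiResponse(resp);
  return { state, data: state === 'ok' ? await resp.json() : null };
}
```

On `login-required`, the web application can send the user through a top-level navigation to Bonita so the SAML login runs in the browser, then retry the call.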