
I have an application (Archibus) that can be configured to use SAML for application-level authentication and uses OIDC for the REST APIs within the application.

The problem I'm having is that when I enable SAML authentication for the application, the REST API calls are getting stopped by the same SAML login, instead of bypassing SAML and using the JWT token I've already created via OIDC.

I'm trying to figure out how to configure Shibboleth to allow a URL to bypass the SAML auth:

https://my.site.com/archibus/api/v1/data/?dataSource=Api_Buildings <-- just use the JWT token
https://my.site.com/archibus <-- use SAML for auth

I configured a RequestMap Path to not requireSession for the archibus/api path and then to requireSession for the rest of the application path. When I put the api path first, Postman works and returns data, but the application doesn't launch and I cannot log in via SAML.

If I put the application first and /api second, the application launches, but the API doesn't work:

<Host name="my.site.com" scheme="https" port="443">
  <Path name="archibus/api/v1/data"/>
  <Path name="secure" authType="shibboleth" requireSession="true"/>
  <Path name="archibus" authType="shibboleth" requireSession="true">
    <!--Path name="api" requireSession="false">
        <Path name="v1" requireSession="false">
            <Path name="data" requireSession="false"/>
        </Path>
    </Path-->
  </Path>
</Host>

Greg

0 Answers