Currently there are some limitations to authenticate web services through SSO. However you can follow below steps for Web Service API’s to work with SSO:
Steps to authenticate REST service along with SSO using basic authentication:
- Uncomment the security-constraint only for url-pattern /rest/* in web.xml.
- Uncomment the realm for LDAP/AD as required in server.xml as required. or configure tomcat-users.xml with username & password for web service authentication
- Skip the rest url from applicationContext-security.xm
l by adding <security:http pattern=”/rest/**” security=”none” />. This will remove the security from rest services and the request will not be sent to IDP for authentication and authorization.