How To: Call an Informatie Vlaanderen SOAP Service in an ActAs scenario

In an ActAs scenario, the SAML token we supply to the service we are calling carries information about at least two distinct identities.

  • The certificate used to call the service.

  • The original caller, typically the current user logged onto the application making the service call.

When we call an Informatie Vlaanderen SOAP service, we need a SAML token issued by the Informatie Vlaanderen STS for that specific service. To obtain a valid SAML token, we use an application certificate to authenticate against the STS. When the service needs information about both the application certificate and the original caller (the current user of the application), we pass the identity of the original caller as an ActAs token in the request to the STS.

As a result, we call the service with a SAML token containing the claims and identities of both the certificate and the current user, allowing the service to grant or deny access based on the information of these two identities.

Note

The ActAs scenario will only work if the service supports the ActAs scenario. If a service only needs the claims and identity of the original caller, use the OnBehalfOf scenario. For more information see: How To: Call an Informatie Vlaanderen SOAP Service in an OnBehalfOf scenario

Calling a service using ActAs

  1. Configure your application to call the service

    For more information see: How To: Consume an Informatie Vlaanderen SOAP Service

  2. Use the CreateChannelActingAsCurrentUser method of FederatedChannelFactory<T> to create a channel that supports ActAs.

    The following example shows how to create a factory and channel that supports the ActAs scenario.

    C#
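    // Create a factory for the service contract, passing the endpoint name used in this example.
    var factory = new FederatedChannelFactory<ServiceReference.IServiceChannel>("WS2007FederationHttpBinding_IService_Certificate");
    // Create a channel that acts as the current user (ActAs).
    var channel = factory.CreateChannelActingAsCurrentUser();
    // The disposer is released when the using block exits.
    using (channel.CreateSafeDisposer())
    {
        // Call the service operations on the channel here.
        ...
    }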
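
The token request described above (certificate authentication against the STS, with the original caller passed as ActAs), shown with the standard .NET WS-Trust classes. This is an added example, not Informatie Vlaanderen code and not the internals of FederatedChannelFactory; the binding, the STS address, the service URI and the way the user's token is obtained are assumptions supplied by the caller.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Security;

public static class ActAsTokenRequest
{
    // Hypothetical helper: every argument is a placeholder provided by the caller.
    public static SecurityToken RequestActAsToken(
        Binding stsBinding,              // binding that authenticates with a client certificate
        EndpointAddress stsAddress,      // address of the STS
        X509Certificate2 appCertificate, // identity 1: the application certificate
        SecurityToken userToken,         // identity 2: token describing the original caller
        Uri serviceUri)                  // the service the token is requested for
    {
        // Fail early: without both identities the request is not an ActAs request.
        if (appCertificate == null || !appCertificate.HasPrivateKey)
            throw new ArgumentException("Certificate with private key required.", "appCertificate");
        if (userToken == null)
            throw new ArgumentNullException("userToken");

        var factory = new WSTrustChannelFactory(stsBinding, stsAddress)
        {
            TrustVersion = TrustVersion.WSTrust13
        };
        // The application authenticates to the STS with its certificate.
        factory.Credentials.ClientCertificate.Certificate = appCertificate;

        var rst = new RequestSecurityToken
        {
            RequestType = RequestTypes.Issue,
            // Scope the token to one service; the STS issues it for that service only.
            AppliesTo = new EndpointReference(serviceUri.AbsoluteUri),
            // The original caller travels in the ActAs element of the request.
            ActAs = new SecurityTokenElement(userToken)
        };

        try
        {
            IWSTrustChannelContract channel = factory.CreateChannel();
            RequestSecurityTokenResponse rstr;
            SecurityToken issued = channel.Issue(rst, out rstr);
            factory.Close();
            return issued;
        }
        catch { factory.Abort(); throw; }
    }
}
```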