The security token API asks for basic authentication. I am using SSO for logging in a user.
This is the API: https://rally1.rallydev.com/slm/webservice/v2.0/security/authorize
Doc: https://rally1.rallydev.com/slm/doc/webservice/authentication.jsp
In an environment using SAML based SSO authentication, how can I fetch the security token for creating/updating resources?
Without the security token, all my calls receive "Not authorized to perform action: Invalid key" error.
Note: I have a valid cookie that I receive using https://sso.rallydev.com/sp/startSSO.ping?PartnerIdpId=sso.company.com&TargetResource=https://us1.rallydev.com/slm/j_sso_security_check?noRedirect=true
I'm not sure if you can do this via SSO- that endpoint only works with basic auth I'm pretty sure. Can you use an API Key instead? That is the preferred approach for external integrations these days- especially in SSO environments. With an API key you shouldn't need to worry about the CSRF validation and subsequent invalid key error.
Also, are you using one of our built-in rest toolkits? Most of them support api keys right out of the box (java, .net, node for sure...)