Hi,
I would like to know if it is advisable to combine high-level and low-level APIs in a single SP application?
Currently, we are using high-level API for an SP application. However, there is a new requirement to support artifact resolution which, I think, is only possible in low-level API. Is it OK to retain our use of high-level API for POST binding and introduce low-level API for artifact binding? If not, should we use low-level API for all cases, instead? What are the pros and cons?
Please advise.
Thanks,
Earl
Generally it’s not advisable to combine the two APIs as the high-level API isn’t aware of any calls your application makes to the low-level API.
However, if you don’t combine the APIs within the same SSO session you should be ok.
For example, don’t use the low level API for SSO and then the high-level API for SLO of the same user.
You could use the low-level API only for SSO sessions using HTTP-artifact and the high-level API only for SSO sessions using HTTP-Post.
I would recommend continuing to use the high-level API wherever possible. For HTTP-artifact support only, switch to the low-level API.
Very few organizations use HTTP-artifact which is why we didn’t include support for it in the high-level API.
We may look at adding this support to the high-level API in the future.
Thank you for the informative response. The following is exactly what we are trying to do:
“You could use the low-level API only for SSO sessions using HTTP-artifact and the high-level API only for SSO sessions using HTTP-Post.”I do hope that artifact resolution will also be supported in the high-level API soon because having two separate configurations complicate things.
Thanks,
Earl
We’ll add it to our list of possible enhancements for a future release.