SSOv2 is basically just a set of web interfaces that sit under the url https://websignon.warwick.ac.uk/sentry. Not just anyone can request these pages for security reasons, it is restricted on a per server basis. If you do not have permission to view these interfaces, you'll get an HTTP Permission Denied error (403).

There are four interfaces:

• Getting user information from their login token (WarwickSSO cookie) (requestType=1)
• Getting user information by the usercode (requestType=4)

They are generally requested like this:

https://websignon.warwick.ac.uk/sentry?requestType=1 with POST data "token=abc"

https://websignon.warwick.ac.uk/sentry?requestType=4&user=testuser

Request types 2 and 3 are deprecated and should not be used in your application.