SSOv2 is basically just a set of web interfaces that sit under the url https://websignon.warwick.ac.uk/sentry. Not just anyone can request these pages for security reasons, it is restricted on a per server basis. If you do not have permission to view these interfaces, you'll get an HTTP Permission Denied error (403).
There are four interfaces:
- Getting user information from their login token (WarwickSSO cookie) (requestType=1)
- Getting user information by the usercode (requestType=4)
They are generally requested like this:
https://websignon.warwick.ac.uk/sentry?requestType=1 with POST data "token=abc"
Request types 2 and 3 are deprecated and should not be used in your application.