The REST services have an operation for "authenticate". But for an already
authenticated user, there should be a way to get the subjectid.
It may be possible to get the subjectid from the cookie or to have saved off the
subjectid when auth was initially performed but there is no way to figure out if
the session is still valid on the server.
When using client sdk, following can be done:
SSOToken token = manager.createSSOToken(request);
If it throws SSOException then the session is invalid else you get the token.
REST service needs something equivalent to the above.