I think you can use SAML bearer grant here and use the access token to access APIs.

Thanks,
Malithi

On Tue, Nov 7, 2017 at 10:11 AM, Ushani Balasooriya <[email protected]> wrote:

> Hi,
>
> Appreciate your response.
>
> Thanks,
>
> On Mon, Nov 6, 2017 at 2:04 PM, Ushani Balasooriya <[email protected]>
> wrote:
>
>> Hi IAM team,
>>
>> As a part of my third party web application implementation to add users
>> and roles I would like to try if the logged in admin user can perform the
>> relevant activity within the app.
>>
>> In order to test Login in to the web app I will be using SAML Post
>> binding and as well as the Redirect binding.
>>
>> When I use the Post binding, I can capture the user name and password and
>> generate Basic authentication token retrieving it from the servlet request.
>>
>> My question is,
>>
>> 1. If I use redirect binding, since the IDP can be any application like
>> wso2 IS or Facebook or salesforce etc *(a)* is it a valid use case to
>> use the logged in user admin's credentials to generate auth token?
>>
>> *(b)* Or should I hard code one particular admin user's credentials or
>> auth token which is configured as admin for the third-party web app to
>> perform the relevant activities?
>>
>> 2. If *(a)* is valid, how can I retrieve it from the session. I can
>> retrieve the username from the SAML2SSO session, but my question is how to
>> retrieve the password to generate auth token?
>>
>> Appreciate your response.
>>
>> Thanks,
>> --
>> *Ushani Balasooriya*
>> Associate Technical Lead - EE;
>> WSO2 Inc; http://www.wso2.com/.
>> Mobile; +94772636796
>>
>
> --
> *Ushani Balasooriya*
> Associate Technical Lead - EE;
> WSO2 Inc; http://www.wso2.com/.
> Mobile; +94772636796
>

--
*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.
Mobile : +94 (0) 718176807
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
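The SAML bearer grant suggested in the reply above, shown as an added example that is not part of the original thread or of WSO2's code: the web app exchanges the assertion it already holds from the SSO session for an OAuth2 access token (RFC 7522), so the user's password is never needed. The token endpoint URL, client credentials, and the sample assertion are assumptions constructed for illustration, and the assertion is assumed to have been validated already by the app's SAML SSO handling.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
TOKEN_ENDPOINT = "https://localhost:9443/oauth2/token"  # assumed deployment URL

# Constructed, unsigned sample; a real assertion carries the IdP's ds:Signature.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" '
    'Version="2.0" IssueInstant="2017-11-07T10:11:00Z">'
    "<saml:Issuer>idp.example.org</saml:Issuer>"
    "<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>"
    '<saml:Conditions NotBefore="2017-11-07T10:11:00Z" NotOnOrAfter="2017-11-07T10:16:00Z">'
    "<saml:AudienceRestriction><saml:Audience>" + TOKEN_ENDPOINT +
    "</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)

def build_token_request(assertion_xml, client_id, client_secret, now=None):
    """Return (headers, body) for the token POST; raise ValueError if the assertion is unusable."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)  # parsed only to inspect, never re-serialized
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("expected a single saml:Assertion element")
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("assertion has no Conditions/NotOnOrAfter")
    expiry = datetime.fromisoformat(cond.attrib["NotOnOrAfter"].replace("Z", "+00:00"))
    if now >= expiry:
        raise ValueError("assertion has expired; the user must sign in again")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if TOKEN_ENDPOINT not in audiences:
        raise ValueError("token endpoint is not listed as an Audience")
    # Encode the XML exactly as received so the IdP signature still verifies.
    # base64url without padding, as RFC 7522 section 2.1 asks.
    b64 = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii").rstrip("=")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, urllib.parse.urlencode({"grant_type": GRANT_TYPE, "assertion": b64})

if __name__ == "__main__":
    at = datetime(2017, 11, 7, 10, 12, tzinfo=timezone.utc)  # inside the validity window
    headers, body = build_token_request(SAMPLE_ASSERTION, "my-client-id", "my-client-secret", at)
    print("POST", TOKEN_ENDPOINT, headers, body, sep="\n")
```

The resulting access token is scoped to the signed-in user, so the API calls run with that admin's own permissions instead of a hard-coded account.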
