Hi Dilshani,

Let me explain the use case of the SAML2 Bearer Assertion Profile. You have a
webapp which communicates with IS via SAML and authenticates. Then your
webapp needs to invoke OAuth2-secured backend APIs. You can't request the user's
credentials again since the user already entered them while logging in to the webapp.
Then how do you generate the OAuth2 Access Token and invoke the API? You can
use the SAML2 Bearer Grant. After successful authentication, your
webapp gets a SAML response. You can pass that SAML response and generate
the access token.

Please let me know if you are not clear on this.

Thanks
Godwin


On Tue, Nov 7, 2017 at 3:59 PM, Dilshani Subasinghe <[email protected]>
wrote:

> Hi all,
>
> I implemented 10th pattern "Single Sign On with delegated access control"
> in this blog [1]. For that, I have followed "SAML2 Bearer Assertion Profile
> for OAuth 2.0 with WSO2 Travelocity" [2] documentation.
>
> In here we have to generate "OAuth2 Access Token" at the last step. I just
> wanna clarify the use case in this. According to the pattern identified in
> the blog, it uses APIM gateway to verify token. I can't identify exact
> usage of token we are generating at the end of this documentation [2]. If
> we are going to use IS as Key manager from APIM side, we can not follow the
> exact doc. Please correct me if I misunderstood the scenario.
>
> Any thoughts on this? Is there any way to continue with generated token
> while connecting to WSO2 APIM or using any other service?
>
> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
> [2] https://docs.wso2.com/display/IS530/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity
>
> Regards,
> Dilshani
>
> --
>
> Dilshani Subasinghe
> Software Engineer - QA *|* WSO2
> lean *|* enterprise *|* middleware
>
> Mobile : +94773375185
> Blog    : dilshani.me
>
> <https://wso2.com/signature>
>



-- 
*Godwin Amila Shrimal*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
twitter: https://twitter.com/godwinamila
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
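
The exchange described in the reply above, as an added example that is not part of the original thread or WSO2's own code: it takes the base64 `SAMLResponse` the webapp received, pulls out the single assertion without re-serializing it, and builds the token request defined by RFC 7522. The sample response is constructed and unsigned, the client id and secret are placeholders, and it assumes the assertion declares its own namespaces.

```python
import base64
import re
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

# Constructed sample: minimal, unsigned stand-in for the SAMLResponse form field.
SAMPLE_RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1">'
    '<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">'
    '<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>'
    '</saml2:Assertion></samlp:Response>'
)
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# Matches <Assertion> or <prefix:Assertion>, but not <EncryptedAssertion>.
_ASSERTION_RE = re.compile(rb"<((?:\w+:)?)Assertion[\s>].*?</\1Assertion>", re.S)


def extract_assertion(saml_response_b64: str) -> bytes:
    """Return the Assertion element's bytes exactly as the IdP sent them.

    Slicing raw bytes instead of parsing and re-serializing keeps the signed
    content byte-for-byte intact, so the token endpoint can verify it.
    """
    xml = base64.b64decode(saml_response_b64)
    found = [m.group(0) for m in _ASSERTION_RE.finditer(xml)]
    if len(found) != 1:  # the grant carries exactly one assertion
        raise ValueError(f"expected exactly one Assertion, found {len(found)}")
    return found[0]


def build_token_request(assertion: bytes, client_id: str, client_secret: str,
                        scope: str = ""):
    """Build headers and form body for the token endpoint POST (nothing is sent)."""
    # RFC 7522: base64url, no line wrapping, no '=' padding.
    encoded = base64.urlsafe_b64encode(assertion).rstrip(b"=").decode()
    form = {"grant_type": GRANT_TYPE, "assertion": encoded}
    if scope:
        form["scope"] = scope
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(form)
```

The returned headers and body are what the webapp would POST over TLS to the authorization server's token endpoint; the access token in the reply is then sent to the backend API as a bearer token.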