Hi Godwin,

Thanks for explaining the scenario. I wanted to clarify the exact use case identified with the documentation [1]. According to the offline discussion we had, we identified addressing the scenario with IS as Key Manager and will work on that. Thanks for your support on this.

[1] https://docs.wso2.com/display/IS530/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity

Regards,
Dilshani

On Wed, Nov 8, 2017 at 10:12 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi Dilshani,
>
> Let me explain the use case of the SAML2 Bearer Assertion Profile. You have a webapp which communicates with IS via SAML and authenticates. Then your webapp needs to invoke OAuth2-secured backend APIs. You can't request the user's credentials again since the user already entered them while logging in to the webapp. Then how do you generate the OAuth2 Access Token and invoke the API? You can use the SAML2 Bearer Grant. After the successful authentication, your webapp gets a SAML response. You can pass that SAML response and generate the access token.
>
> Please let me know if you are not clear with this.
>
> Thanks
> Godwin
>
> On Tue, Nov 7, 2017 at 3:59 PM, Dilshani Subasinghe <dilsh...@wso2.com> wrote:
>
>> Hi all,
>>
>> I implemented the 10th pattern, "Single Sign On with delegated access control", in this blog [1]. For that, I followed the "SAML2 Bearer Assertion Profile for OAuth 2.0 with WSO2 Travelocity" [2] documentation.
>>
>> Here we have to generate the "OAuth2 Access Token" at the last step. I just wanna clarify the use case in this. According to the pattern identified in the blog, it uses the APIM gateway to verify the token. I can't identify the exact usage of the token we are generating at the end of this documentation [2]. If we are going to use IS as Key Manager from the APIM side, we cannot follow the exact doc. Please correct me if I misunderstood the scenario.
>>
>> Any thoughts on this? Is there any way to continue with the generated token while connecting to WSO2 APIM or using any other service?
>>
>> [1] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-16f9fd0c0389
>> [2] https://docs.wso2.com/display/IS530/SAML2+Bearer+Assertion+Profile+for+OAuth+2.0+with+WSO2+Travelocity
>>
>> Regards,
>> Dilshani
>>
>> --
>> Dilshani Subasinghe
>> Software Engineer - QA | WSO2
>> lean | enterprise | middleware
>>
>> Mobile : +94773375185
>> Blog : dilshani.me
>
> --
> Godwin Amila Shrimal
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94772264165
> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
> twitter: https://twitter.com/godwinamila

--
Dilshani Subasinghe
Software Engineer - QA | WSO2
lean | enterprise | middleware

Mobile : +94773375185
Blog : dilshani.me
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
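The token request described in the thread, as an added example that is not part of the original messages or WSO2's own code: it takes the SAML response the webapp received at login, checks the assertion's expiry and audience, and builds the RFC 7522 SAML2 bearer grant request. The function name, endpoint URL, client credentials and sample response are assumptions, and the webapp's SAML library is assumed to have already verified the response signature.

```python
import base64
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522

# Constructed sample (unsigned, illustration only); a real response carries a ds:Signature.
SAMPLE_RESPONSE_B64 = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    b'<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1">'
    b'<saml2:Conditions NotOnOrAfter="2017-11-08T04:47:00.000Z"><saml2:AudienceRestriction>'
    b'<saml2:Audience>https://localhost:9443/oauth2/token</saml2:Audience>'
    b'</saml2:AudienceRestriction></saml2:Conditions></saml2:Assertion></samlp:Response>'
).decode()

def build_token_request(saml_response_b64, token_endpoint, client_id, client_secret, now=None):
    """Return (headers, body) for the token endpoint POST; raise ValueError if unusable."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # Slice the assertion out byte for byte: re-serializing it would break its signature.
    match = re.search(rb"<(\w+:)?Assertion[\s>].*?</(\w+:)?Assertion>", xml_bytes, re.S)
    if not match:
        raise ValueError("no Assertion element in SAML response")
    assertion = match.group(0)
    try:
        root = ET.fromstring(assertion)  # parsed copy is for inspection only
    except ET.ParseError as exc:
        raise ValueError(f"assertion is not standalone XML: {exc}")
    cond = root.find("saml2:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    # SAML timestamps are UTC; drop fractional seconds and the trailing Z.
    expiry = datetime.strptime((cond.get("NotOnOrAfter") or "")[:19], "%Y-%m-%dT%H:%M:%S")
    if (now or datetime.now(timezone.utc)) >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired; the user must authenticate again")
    audiences = [(a.text or "").strip() for a in cond.iterfind(".//saml2:Audience", NS)]
    if token_endpoint not in audiences:
        raise ValueError("token endpoint is not listed as an Audience of the assertion")
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + creds,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": GRANT_TYPE,
                      "assertion": base64.urlsafe_b64encode(assertion).decode()})
    return headers, body
```

The returned headers and body are sent as an HTTPS POST to the token endpoint; the access token in the response is then presented as a bearer token to the OAuth2-secured API.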