Hi all,
Considering the following scenario:
- IdP platform that exposes an authentication service via SAML 2.0
- Backend Service platform that exposes APIs via OAuth2
- Web Application that plays the role of Service Provider, using the IdP service for user authentication and the Backend Service Platform APIs for implementing business logic
In this scenario, IdP and Backend Service Platform are trusted, and the OAuth2 token is generated using the SAML Bearer grant type by also passing the assertion included in the response.
The E2E flow works in this way:
1) user hits a Web App URL
2) user is redirected to IdP (SP initiated flow)
3) user is authenticated on IdP and redirected to Web Application
4) web application retrieves SAML assertion from the SAML response
5) web application requests an OAuth2 token by using SAMLBearer as grant type and the assertion as value
6) Backend Service Platform checks the SAML Assertion (signature, encryption etc...) and generates the token
7) web application starts consuming APIs
We were able to successfully implement the first three steps using simpleSAMLphp v1.13.
However, there are no APIs available to get the assertion from the response (the getAttributes method can only be used to retrieve claims...)
Any idea?
Thanks
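As an added illustration of steps 5 and 6 of the flow above (not code from the original post and not simpleSAMLphp's own API), the following Python sketch shows the two halves of the SAML 2.0 bearer assertion grant as RFC 7522 defines it: the web application base64url-encodes the extracted assertion and posts it with `grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer`, and the Backend Service Platform, after verifying the XML signature (assumed to be done by its SAML stack and not shown here), still has to check the bearer subject confirmation, the validity window and the audience restriction before minting a token. The assertion, the IdP and token-endpoint URLs and the timestamps are constructed sample values.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Grant type URI defined by RFC 7522 (SAML 2.0 profile for OAuth 2.0 grants)
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TOKEN_ENDPOINT = "https://api.example.test/oauth2/token"  # constructed, hypothetical

# Constructed, unsigned sample assertion; in the real flow this is the element
# extracted from the SAML response in step 4.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}" ID="_abc123" Version="2.0" '
    'IssueInstant="2024-01-01T10:00:00Z">'
    '<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    '<saml:Subject><saml:NameID>alice</saml:NameID>'
    f'<saml:SubjectConfirmation Method="{BEARER_METHOD}"/></saml:Subject>'
    '<saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">'
    f'<saml:AudienceRestriction><saml:Audience>{TOKEN_ENDPOINT}</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion>'
)
# Two constructed "current time" values: inside and after the validity window.
NOW_VALID = datetime(2024, 1, 1, 10, 2, tzinfo=timezone.utc)
NOW_EXPIRED = datetime(2024, 1, 1, 10, 10, tzinfo=timezone.utc)


def build_token_request(assertion_xml: str) -> dict:
    """Client side (step 5): RFC 7522 section 2.1 requires base64url encoding without padding."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii").rstrip("=")
    return {"grant_type": SAML2_BEARER_GRANT, "assertion": encoded}


def encode_form_body(params: dict) -> str:
    """Body of the POST to the token endpoint (application/x-www-form-urlencoded)."""
    return urlencode(params)


def decode_assertion_param(value: str) -> str:
    """Server side: restore the stripped padding and decode back to XML text."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded.encode("ascii")).decode("utf-8")


def _parse_saml_time(value: str) -> datetime:
    # SAML uses xs:dateTime in UTC with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(assertion_xml: str, expected_audience: str, now: datetime) -> tuple:
    """Step 6 checks that remain after signature verification (signature/decryption assumed done)."""
    try:
        root = ET.fromstring(assertion_xml)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return False, "assertion parameter must carry a single saml:Assertion"
    # RFC 7522 section 3: the assertion must carry a bearer SubjectConfirmation
    methods = {sc.get("Method") for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS)}
    if BEARER_METHOD not in methods:
        return False, "no bearer SubjectConfirmation"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_on_or_after is None:
        return False, "NotOnOrAfter is required"
    if not_before and now < _parse_saml_time(not_before):
        return False, "assertion not yet valid"
    if now >= _parse_saml_time(not_on_or_after):
        return False, "assertion expired"
    # The token endpoint must be named as an audience, otherwise an assertion
    # issued for some other relying party could be replayed here.
    audiences = {a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if expected_audience not in audiences:
        return False, "audience restriction does not name this token endpoint"
    return True, "ok"


if __name__ == "__main__":
    req = build_token_request(SAMPLE_ASSERTION)
    print("POST body:", encode_form_body(req)[:80] + "...")
    received = decode_assertion_param(req["assertion"])
    print(validate_assertion(received, TOKEN_ENDPOINT, NOW_VALID))
    print(validate_assertion(received, TOKEN_ENDPOINT, NOW_EXPIRED))
```

The client half needs the raw `<saml:Assertion>` element, not the attribute map, which is exactly the gap the question describes; the server half is where the "trusted IdP" assumption is enforced, since a verified signature alone does not tell the token endpoint that the assertion was meant for it or is still within its validity window.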