This documentation is for WSO2 API Manager 1.5.0.
Token APIs - API Manager 1.5.0 - WSO2 Documentation

A lot of enterprise applications use SAML2 to engage a third-party identity provider to grant access to systems that are only authenticated against the enterprise application. These enterprise applications might need to consume OAuth-protected resources through APIs from inside the application, after validating them against an OAuth2.0 authorization server. However, an enterprise application that already has a working SAML2.0-based SSO infrastructure between itself and the IDP prefers to reuse the existing trust relationship between the IDP and the SP, even if the OAuth authorization server is entirely different from the IDP. The SAML2 Bearer Assertion Profile for OAuth2.0 leverages this existing trust relationship by presenting the SAML2.0 token to the authorization server and exchanging it for an OAuth2.0 access token.
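
The exchange described above, as an added example that is not part of the WSO2 documentation or product code: the enterprise application encodes the SAML assertion it already holds into an RFC 7522 grant request, and the authorization server checks issuer, validity window and audience before it would mint an access token. The issuer, audience and timestamps are constructed placeholders, the assertion is unsigned, and signature verification (mandatory in practice) is left out to keep the check logic visible.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

# Grant type defined by RFC 7522 (SAML 2.0 Bearer Assertion Profile for OAuth 2.0).
SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (placeholder issuer, audience, times); a real one is
# signed by the IDP and that signature must be verified before anything below runs.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://as.example.com/oauth2/token</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _utc(s: str) -> dt.datetime:
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def build_token_request(assertion_xml: str, client_id: str) -> str:
    """Enterprise application side: base64url-encode the SAML assertion obtained
    through SSO and form the grant request body for the OAuth2 token endpoint."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    return urlencode({"grant_type": SAML2_BEARER_GRANT, "assertion": encoded,
                      "client_id": client_id})

def validate_assertion(body: str, trusted_issuer: str, token_endpoint: str, now: str):
    """Authorization server side: checks the grant before exchanging it for an access
    token. `now` is the current UTC time as "YYYY-MM-DDTHH:MM:SSZ" (kept as a string
    so the check is deterministic). Returns (subject, "ok") or (None, reason)."""
    params = parse_qs(body)
    if params.get("grant_type") != [SAML2_BEARER_GRANT]:
        return None, "unsupported grant_type"
    encoded = params["assertion"][0]
    root = ET.fromstring(base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4)))
    if root.findtext("saml:Issuer", namespaces=NS) != trusted_issuer:
        return None, "untrusted issuer"          # only the SSO IDP's assertions count
    cond = root.find("saml:Conditions", NS)
    if cond is None or not (_utc(cond.get("NotBefore")) <= _utc(now) < _utc(cond.get("NotOnOrAfter"))):
        return None, "assertion expired or not yet valid"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if token_endpoint not in audiences:
        return None, "audience mismatch"         # not issued for this authorization server
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS), "ok"
```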


The diagram below depicts this scenario:

[Diagram: SAML2 bearer assertion exchange between the enterprise application, the IDP and the OAuth2 authorization server (image not included)]

[1] A user initializes the flow with a login call to an enterprise application.