Saml2.0 With Oauth2 Authentication
SAML 2.0
SAML 2.0 is an XML based framework that is used for describing and exchanging security information. It
can be used for Single Sign On (SSO), Identity Management and Federation.
OAuth 2
OAuth 2 is an authorisation framework that enables applications to obtain limited access to user
accounts. However, it does not itself deal with authentication.
The Solution
The implemented solution has the same flow as described in the following
Here the Client obtains a SAML bearer assertion from the SAML Identity Provider, then requests an access
token from the Authorisation Server, presenting the SAML bearer assertion as proof of identity. The
Authorisation Server verifies the assertion and returns an OAuth token, which the Client then uses to
access the Resource Server.
Step by step SAML implementation
The user clicks ‘Get Resource’, but since he has not been authenticated yet he is redirected to the SAML
server to provide credentials.
The credentials are validated, the user is authenticated using the federated identity (agreed between the
SAML server and OAuth server) and is redirected back to the Client app. The Client app in turn redirects
to the OAuth Authorisation server in order for the user to grant permissions to the Client app to access
resources on his behalf.
After the user grants permission he is redirected back to the Client app main page where he can now
access the resource.
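As an added example (not code from the original page), the checks an Authorisation Server applies to the SAML bearer assertion in the step above before it issues the OAuth token: trusted issuer, validity window, audience, bearer subject confirmation addressed to this server. The issuer entity ID, token endpoint URL and the sample assertion are constructed for the illustration, and XML signature verification is assumed to have been done by a dedicated library before these checks run.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
TRUSTED_ISSUER = "https://idp.example.test/saml"        # assumed IdP entity ID
TOKEN_ENDPOINT = "https://as.example.test/oauth/token"  # assumed AS token endpoint

def parse_time(s):
    """SAML timestamps are UTC ISO-8601 ending in 'Z'."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def validate_assertion(xml_text, now, issuer=TRUSTED_ISSUER, audience=TOKEN_ENDPOINT):
    """Return (subject, None) if acceptable, else (None, reason). Signature already verified (assumed)."""
    a = ET.fromstring(xml_text)
    if a.tag != "{%s}Assertion" % NS["saml"]:
        return None, "not an assertion"
    if a.findtext("saml:Issuer", namespaces=NS) != issuer:
        return None, "untrusted issuer"
    cond = a.find("saml:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    noa = cond.get("NotOnOrAfter") if cond is not None else None
    if not (nb and noa and parse_time(nb) <= now < parse_time(noa)):
        return None, "outside validity window"
    if audience not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return None, "audience mismatch"
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
    if sc is None or sc.get("Method") != BEARER or scd is None or scd.get("Recipient") != audience:
        return None, "bearer confirmation missing or not addressed to this server"
    if scd.get("NotOnOrAfter") and now >= parse_time(scd.get("NotOnOrAfter")):
        return None, "subject confirmation expired"
    subject = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return (subject, None) if subject else (None, "missing subject")

# Constructed sample assertion (unsigned) used to exercise the checks above.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.test</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://as.example.test/oauth/token" NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://as.example.test/oauth/token</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
```

Calling `validate_assertion(SAMPLE, parse_time("2024-01-01T12:01:00Z"))` returns the subject, while a later clock, a different audience or an untrusted issuer each return the specific rejection reason the server should log before answering with `invalid_grant`.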