
SAML2.0 with OAuth2 Authentication

SAML 2.0

SAML 2.0 is an XML-based framework for describing and exchanging security information (assertions about a subject) between parties. It can be used for Single Sign-On (SSO), identity management and federation.

OAuth 2

OAuth 2 is an authorisation framework that enables applications to obtain limited access to user accounts. It does not, however, deal with authentication: an access token says what the client may do, not who the user is, which is why an identity layer such as SAML is needed alongside it.

The Solution

The implemented solution follows the flow described below, which is the same flow as the SAML 2.0 bearer assertion grant (RFC 7522).

Here the Client first obtains a SAML bearer assertion from the SAML Identity Provider, then requests an access token from the Authorisation Server, presenting the assertion as proof of the user's identity. The Authorisation Server verifies the assertion (signature, issuer, audience and validity window) and returns an OAuth access token, which the Client then uses to access the Resource Server.
Step by step

The user clicks 'Get Resource', but since he has not been authenticated yet he is redirected to the SAML server (the Identity Provider) to provide credentials.

The credentials are validated, the user is authenticated under the federated identity agreed between the SAML server and the OAuth server, and he is redirected back to the Client app. The Client app in turn redirects to the OAuth Authorisation Server so that the user can grant the Client app permission to access resources on his behalf.

After the user grants permission he is redirected back to the Client app's main page, where he can now access the resource.
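The exchange described above (the Client presenting the SAML bearer assertion to the Authorisation Server, and the server verifying it before issuing a token) as an added example, not code from the original page or from the implementation it describes. The entity IDs, the token endpoint URL, the fixed clock and the sample assertion are all constructed for illustration; the checks on the server side are the ones RFC 7522 section 3 requires, except that the XML signature itself is not verified here (that needs an XML-DSig library and the IdP's certificate), which the code says explicitly.

```python
import base64
import datetime as dt
import uuid
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"
NS = {"saml": SAML, "ds": DSIG}
IDP_ENTITY_ID = "https://idp.example.org/saml"          # constructed: the IdP this AS trusts
TOKEN_ENDPOINT = "https://as.example.com/oauth2/token"  # constructed: this AS's token endpoint
ISSUED = dt.datetime(2024, 5, 1, 12, 0, 0, tzinfo=dt.timezone.utc)  # fixed clock for the demo

def _ts(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_ts(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)

def sample_assertion(subject, issued, audience=TOKEN_ENDPOINT, lifetime_s=300):
    # Constructed IdP-side assertion. A real IdP signs it with XML-DSig; the
    # ds:Signature below is a placeholder so that the structural check passes.
    nb, na = _ts(issued), _ts(issued + dt.timedelta(seconds=lifetime_s))
    return f"""<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DSIG}" ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{nb}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID>{subject}</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER}">
      <saml:SubjectConfirmationData NotOnOrAfter="{na}" Recipient="{TOKEN_ENDPOINT}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="{nb}" NotOnOrAfter="{na}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>""".encode()

def build_token_request(assertion_xml, scope):
    """Client side: the form fields POSTed to the token endpoint. The assertion
    is base64url-encoded without padding (RFC 7522 section 2.1)."""
    b64 = base64.urlsafe_b64encode(assertion_xml).rstrip(b"=").decode()
    return {"grant_type": GRANT_TYPE, "assertion": b64, "scope": scope}

def validate_assertion(form, now, seen_ids, skew_s=60):
    """Authorisation-server side: the RFC 7522 section 3 checks. Returns the
    subject NameID or raises ValueError. The XML signature is NOT verified here:
    that needs an XML-DSig library (xmlsec/signxml) and the IdP's certificate,
    and must succeed before anything below is trusted."""
    if form.get("grant_type") != GRANT_TYPE:
        raise ValueError("unsupported grant_type")
    b64 = form.get("assertion", "")
    a = ET.fromstring(base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)))
    skew = dt.timedelta(seconds=skew_s)
    if a.tag != f"{{{SAML}}}Assertion" or a.get("Version") != "2.0":
        raise ValueError("not a SAML 2.0 assertion")
    if a.find("ds:Signature", NS) is None:
        raise ValueError("assertion is not signed")
    if a.findtext("saml:Issuer", "", NS).strip() != IDP_ENTITY_ID:
        raise ValueError("untrusted issuer")
    subject = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not subject:
        raise ValueError("missing subject")
    cond = a.find("saml:Conditions", NS)
    if cond is None or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("assertion has no expiry")
    if now - skew >= _parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion expired")
    if TOKEN_ENDPOINT not in [e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if e.text]:
        raise ValueError("audience does not name this authorisation server")
    confirmed = False  # bearer confirmation must name this token endpoint and not be stale
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        d = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or d is None or d.get("Recipient") != TOKEN_ENDPOINT:
            continue
        if "NotOnOrAfter" in d.attrib and now - skew >= _parse_ts(d.get("NotOnOrAfter")):
            continue
        confirmed = True
    if not confirmed:
        raise ValueError("no usable bearer SubjectConfirmation")
    aid = a.get("ID")  # replay protection: each assertion may be exchanged once
    if not aid or aid in seen_ids:
        raise ValueError("assertion already used")
    seen_ids.add(aid)
    return subject

def demo():
    """One good exchange, then the rejections a practitioner should expect."""
    seen, out = set(), {}
    good = build_token_request(sample_assertion("alice@example.org", ISSUED), "read:resource")
    out["subject"] = validate_assertion(good, ISSUED + dt.timedelta(seconds=30), seen)
    other = build_token_request(sample_assertion("bob", ISSUED, audience="https://other.example"), "x")
    for name, form, now in [("replay", good, ISSUED), ("expired", good, ISSUED + dt.timedelta(seconds=600)),
                            ("wrong_audience", other, ISSUED)]:
        try:
            validate_assertion(form, now, seen)
            out[name] = "accepted"
        except ValueError as e:
            out[name] = str(e)
    return out
```

The audience check is the one most often skipped in home-grown implementations: an assertion the IdP minted for a different service provider is still signed and unexpired, so only the Audience and the SubjectConfirmationData Recipient stop it being exchanged at this Authorisation Server. The seen-ID set stands in for whatever store the server uses; it only needs to remember IDs until their NotOnOrAfter has passed.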
