As promised, here’s another of my weekly tutorial videos on how Layer 7’s OAuth Toolkit can be used to leverage the many grant types and use cases supported by the OAuth 2.0 standard. I’m glad to report that there has been a lot of interest in this series of videos. We get queries about OAuth just about every day, so enterprise architects clearly see this emerging standard as a potentially powerful tool for controlling access to APIs.
For those of you who haven’t seen my previous OAuth 2.0 tutorials, I should explain that the OAuth Toolkit provides a number of OAuth template implementations that can be imported into our Gateways in order to apply OAuth. This template integrates into existing environments by connecting with identity providers and APIs.
This week, I’m explaining the OAuth 2.0 SAML grant type. This grant type is defined in an OAuth extension specification (draft-ietf-oauth-saml2-bearer-09), which defines another grant type not included in the core OAuth specification. This grant type describes how a client application uses a SAML bearer assertion to obtain an OAuth access token.
Although this specification does not describe how the client application obtains the SAML assertion in the first place, the tutorial does use a test application to provide an example in which the user is forwarded to a SAML identity provider which authenticates the user, issues a SAML assertion and redirects the user back to the application. The application then uses this redirected SAML assertion to obtain an access token from the Layer 7 Gateway’s OAuth authorization server endpoint.
Tutorial 4: The SAML Grant Type