LeandroLomibao-4909 asked piaudonn answered

How does ADFS convert OAuth to SAML assertions?

We have a main portal application using OAuth for authentication, and another sub-application using SAML. We want users to be able to access the sub-application without having to log in again, by using ADFS. How does ADFS convert OAuth to SAML assertions?

adfs

1 Answer

piaudonn answered

The authentication is handled by the IDP (here ADFS). If both applications are trusted by the same IDP, the user doesn't have to "re-authenticate", as they already have a valid session with the IDP (provided the conditions for that session to be valid are still met: authentication policy, forced fresh authentication, access policies, session times... those can all influence that behavior).
I don't know how applicable this is for your scenario and your applications, but you could also request an OAuth token from a SAML token. This is described here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion (but it might very well be out of scope for you).
Now, if that application is not known by the IDP, you can still do something custom in the app I suppose, but that's no longer a federation question.

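The following is an added, self-contained Python model of what the answer above describes; it is not code from the Q&A post, from ADFS, or from the linked Microsoft docs. It shows one identity provider holding a single browser session and issuing an OAuth-style access token to one relying party and a SAML-style assertion to another without a second interactive login, and how session conditions (a forced fresh authentication, an expired session, an unknown relying party) stop that from happening. It also sketches the shape of the SAML-bearer grant the answer links to, where a valid assertion is exchanged for an access token. Every class, field and value here (`IdentityProvider`, `IdpSession`, the HMAC "signature", the clock values, the user `alice`) is an assumption made for the example and is not how ADFS is implemented internally.

```python
"""Toy model of federated SSO across an OAuth and a SAML relying party.

Added example, not code from the Q&A post or from ADFS. Token format,
class names and timings are all constructed for illustration.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class IdpSession:
    user: str
    authenticated_at: float
    max_age: float = 8 * 3600  # constructed default: 8-hour IdP session


class IdentityProvider:
    """One IdP trusted by several relying parties (RPs) speaking different protocols."""

    def __init__(self, signing_key: bytes):
        self._key = signing_key
        self.relying_parties = {}    # rp_id -> "oauth" | "saml"
        self.sessions = {}           # browser cookie -> IdpSession
        self.interactive_logins = 0  # how often the user actually typed credentials

    def register_rp(self, rp_id: str, protocol: str) -> None:
        if protocol not in ("oauth", "saml"):
            raise ValueError("protocol must be 'oauth' or 'saml'")
        self.relying_parties[rp_id] = protocol

    def login(self, cookie: str, user: str, now: float) -> None:
        # Interactive authentication; the credential check itself is omitted in the toy.
        self.interactive_logins += 1
        self.sessions[cookie] = IdpSession(user=user, authenticated_at=now)

    def _sign(self, payload: dict) -> str:
        # Stand-in for a real signature: HMAC over the canonical JSON body.
        body = json.dumps(payload, sort_keys=True)
        mac = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + mac

    def issue(self, cookie: str, rp_id: str, now: float, force_fresh: bool = False):
        """Return a token/assertion for rp_id, or None if the user must log in again."""
        if rp_id not in self.relying_parties:
            raise KeyError(f"{rp_id} is not a relying party of this IdP")
        session = self.sessions.get(cookie)
        if session is None or force_fresh or now - session.authenticated_at > session.max_age:
            return None  # the caller has to send the user through login()
        if self.relying_parties[rp_id] == "oauth":
            payload = {"typ": "access_token", "sub": session.user, "aud": rp_id, "exp": now + 3600}
        else:
            payload = {"typ": "saml_assertion", "NameID": session.user,
                       "Audience": rp_id, "NotOnOrAfter": now + 300}
        return self._sign(payload)

    def verify(self, token: str, now: float) -> dict:
        """Check the signature and expiry of anything this IdP issued; return its claims."""
        body, _, mac = token.rpartition(".")
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad signature")
        payload = json.loads(body)
        if now >= payload.get("exp", payload.get("NotOnOrAfter")):
            raise ValueError("expired")
        return payload

    def oauth_from_saml_bearer(self, assertion: str, oauth_rp_id: str, now: float) -> str:
        """Shape of a SAML-bearer grant: trade a valid assertion for an access token."""
        claims = self.verify(assertion, now)
        if claims.get("typ") != "saml_assertion" or claims["Audience"] not in self.relying_parties:
            raise ValueError("assertion was not issued for a trusted relying party")
        return self._sign({"typ": "access_token", "sub": claims["NameID"],
                           "aud": oauth_rp_id, "exp": now + 3600})


def demo() -> dict:
    idp = IdentityProvider(b"constructed-demo-key")
    idp.register_rp("portal", "oauth")   # main portal speaks OAuth
    idp.register_rp("subapp", "saml")    # sub-application speaks SAML
    t0 = 1_700_000_000.0                 # constructed clock value
    cookie = "browser-session-1"

    needs_login = idp.issue(cookie, "portal", t0) is None   # no IdP session yet
    idp.login(cookie, "alice", t0)
    access = idp.issue(cookie, "portal", t0 + 10)
    assertion = idp.issue(cookie, "subapp", t0 + 20)       # same session, no second login
    saml_claims = idp.verify(assertion, t0 + 25)
    exchanged = idp.verify(idp.oauth_from_saml_bearer(assertion, "portal", t0 + 30), t0 + 31)
    return {
        "needs_login_first": needs_login,
        "interactive_logins": idp.interactive_logins,
        "oauth_sub": idp.verify(access, t0 + 15)["sub"],
        "saml_audience": saml_claims["Audience"],
        "exchanged_sub": exchanged["sub"],
        "forced_fresh_blocks": idp.issue(cookie, "subapp", t0 + 40, force_fresh=True) is None,
        "expired_blocks": idp.issue(cookie, "subapp", t0 + 9 * 3600) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one in the answer: the second application never sees the user's credentials, it only sees a token bound to its own audience, and whether the IdP issues that token without prompting depends on the IdP's session state and policy (`force_fresh`, `max_age`), not on which protocol the first application used.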