NetIQ Access Manager supports the SAML2 bearer grant (a SAML 2.0 assertion used as an OAuth2 authorization grant). Access Manager supports the assertion only as an authorization grant, not for client authentication: the assertion is used to authenticate the user.
You can use a SAML2 assertion to request an access token. Access Manager validates the assertion and issues an access token for accessing OAuth-protected resources.
The other direction is not covered by that grant: a client or user already holds an OAuth2 access token and needs a SAML2 assertion for a Service Provider. This solution explains how to do that with the existing NetIQ Access Manager 4.x.
The user is authenticated with an Access Manager-issued OAuth2 access token as part of the SAML2 federation, without being prompted for credentials.
This lets an OAuth2 client that holds an access token federate with a Service Provider.
Access Manager must have Mobile Access enabled, or you must create a new class, method and contract so that an OAuth2 access token contract exists. The requests below call that contract by its ID (MobileToken here) via /nidp/app?id=<contract ID>.
Federation URL: call the contract on the identity server and pass the idpsend URL, carrying the Service Provider's entity ID as PID, in the target parameter. Once the contract has authenticated the user from the token, Access Manager redirects to target. URL-encode the target value so that its own PID parameter stays part of the target instead of being parsed as a parameter of /nidp/app:
https://login.idp.com/nidp/app?id=MobileToken&target=https%3A%2F%2Flogin.idp.com%2Fnidp%2Fsaml2%2Fidpsend%3FPID%3Dhttps%3A%2F%2Fidp.siteb.novell.com%3A8443%2Fnidp%2Fsaml2%2Fmetadata
Option 1: send the access token in the Authorization header (OAuth2 bearer scheme):
GET /nidp/app?id=MobileToken&target=https%3A%2F%2Flogin.idp.com%2Fnidp%2Fsaml2%2Fidpsend%3FPID%3Dhttps%3A%2F%2Fidp.siteb.novell.com%3A8443%2Fnidp%2Fsaml2%2Fmetadata HTTP/1.1
Host: login.idp.com
Authorization: Bearer <access_token>
Option 2: send the access token as the access_token query parameter of /nidp/app (outside the encoded target). A token in the query string ends up in web server logs, proxy logs, Referer headers and browser history, so prefer Option 1 whenever the client can set request headers:
GET /nidp/app?id=MobileToken&target=https%3A%2F%2Flogin.idp.com%2Fnidp%2Fsaml2%2Fidpsend%3FPID%3Dhttps%3A%2F%2Fidp.siteb.novell.com%3A8443%2Fnidp%2Fsaml2%2Fmetadata&access_token=<access_token> HTTP/1.1
Host: login.idp.com
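Putting the two request forms together, as an added example that is not code from the original post: a Python script that builds the federation URL with every level properly encoded, sends it with the bearer header through a cookie jar (Access Manager sets its session cookie before redirecting to target), follows the redirects without forwarding the token to any host other than the identity server, and pulls the SAMLResponse out of the auto-submit form that idpsend returns when the Service Provider uses the HTTP-POST binding. The host names, the contract ID MobileToken and the PID are taken from the post; the function names, the Bearer scheme, the cookie and redirect behaviour, and the constructed sample form are assumptions.

```python
"""Drive an Access Manager SAML2 federation with an OAuth2 access token.

Added example, not code from the original post. Host names, the contract id
"MobileToken" and the SP entity id are taken from the post; everything else is
an assumption about a standard NAM 4.x setup.
"""
import base64
import html
import http.cookiejar
import re
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

IDP_BASE = "https://login.idp.com"                                      # from the post
SP_ENTITY_ID = "https://idp.siteb.novell.com:8443/nidp/saml2/metadata"  # from the post
CONTRACT_ID = "MobileToken"                                             # from the post


def build_federation_url(idp_base, sp_entity_id, contract_id=CONTRACT_ID, access_token=None):
    """Build /nidp/app?id=<contract>&target=<idpsend URL> with each level encoded once.

    urlencode() escapes ':' '/' '?' '=' '&' inside the target, so the PID parameter
    of idpsend cannot be mistaken for a parameter of /nidp/app. Passing access_token
    reproduces the post's second form (token in the query string); prefer
    bearer_headers(), because query strings end up in logs and Referer headers.
    """
    idpsend = f"{idp_base}/nidp/saml2/idpsend?" + urlencode({"PID": sp_entity_id})
    params = {"id": contract_id, "target": idpsend}
    if access_token is not None:
        params["access_token"] = access_token
    return f"{idp_base}/nidp/app?" + urlencode(params)


def bearer_headers(access_token):
    """The post's first form: token in the Authorization header (RFC 6750 Bearer scheme assumed)."""
    return {"Authorization": f"Bearer {access_token}"}


def decode_federation_url(url):
    """What the server sees after decoding: (contract id, target URL, PID seen by idpsend, token or None)."""
    outer = parse_qs(urlsplit(url).query)
    target = outer["target"][0]
    pid = parse_qs(urlsplit(target).query)["PID"][0]
    return outer["id"][0], target, pid, outer.get("access_token", [None])[0]


class _RedirectRecorder(urllib.request.HTTPRedirectHandler):
    """Follow the redirects (contract -> idpsend -> SP) but keep the bearer token on the IDP host."""

    def __init__(self):
        super().__init__()
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append(newurl)
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and urlsplit(newurl).netloc != urlsplit(req.full_url).netloc:
            new.remove_header("Authorization")   # never forward the OAuth2 token to the SP
        return new


def perform_federation(url, headers, timeout=30):
    """Issue the GET with a cookie jar so the NAM session cookie survives the redirect to target.

    Returns (final status, final URL, redirect hops, response body). Needs network access.
    """
    recorder = _RedirectRecorder()
    opener = urllib.request.build_opener(
        urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()), recorder)
    with opener.open(urllib.request.Request(url, headers=headers), timeout=timeout) as resp:
        return resp.status, resp.geturl(), recorder.hops, resp.read().decode("utf-8", "replace")


_SAML_RESPONSE = re.compile(r'name="SAMLResponse"\s+value="([^"]+)"', re.I)


def extract_saml_response(body):
    """With the HTTP-POST binding, idpsend answers with an auto-submit form (assumed);
    return the base64-decoded SAMLResponse XML, or None when the page carries no form."""
    m = _SAML_RESPONSE.search(body)
    if not m:
        return None
    return base64.b64decode(html.unescape(m.group(1))).decode("utf-8")


# Constructed sample of such a form, for offline testing only (not captured from a real server).
SAMPLE_XML = '<samlp:Response ID="_example" Destination="https://sp.example/acs"/>'
SAMPLE_POST_FORM = (
    '<html><body onload="document.forms[0].submit()">'
    '<form method="post" action="https://sp.example/acs">'
    f'<input type="hidden" name="SAMLResponse" value="{base64.b64encode(SAMPLE_XML.encode()).decode()}"/>'
    '</form></body></html>'
)

if __name__ == "__main__":
    import sys
    token = sys.argv[1] if len(sys.argv) > 1 else "<access_token>"
    url = build_federation_url(IDP_BASE, SP_ENTITY_ID)
    print("GET", url)
    status, final, hops, body = perform_federation(url, bearer_headers(token))
    print(status, final, hops)
    print(extract_saml_response(body) or body[:500])
```

Run it as `python federation.py <access_token>`; the hops list shows the contract page handing off to idpsend and then to the Service Provider, and the last body is either the SAMLResponse XML (HTTP-POST binding) or the SP's own page. Dropping the Authorization header on any cross-host redirect matters because urllib otherwise re-sends it to the SP's assertion consumer service.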
Please share your comments!!