SAML to Oauth2 using spring security

So the problem I have is that the SAML already has been implemented in the project using spring-security-saml to integrate with federate IDP.

And now I need to secure REST API calls that are happening from a place where JSESSIONID can't be persisted so I want to exchange SAML Assertion that I get from federate to JWT to provide back to client side so it can be used in Authentication header.

For now I'm a bit lost, I was trying to use JwtAccessTokenConverter from spring-security-jwt to create a JWT token but can't figure out how to glue that together with SAML.

Can someone please shed some light on this one? Or maybe there is another option on how to secure REST API using SAML that I don't know.

Thank you!

1 answer

  • answered 2018-02-13 23:29 Agam

    You can exchange your SAML token with JWT from your IDP if your IDP supports Oauth2 grant type urn:ietf:params:oauth:grant-type:saml2-bearer.

    In this case you need to invoke oauth2 token endpoint of your IDP and pass the saml-assertion, client-id and client-secret and scope=openid as input and your IDP should return you JWT token, which you can use to secure your rest api. This jwt token will also contain all claims you received in SAML assertion.