How does ADFS convert OAuth to SAML assertions?

Leandro Lomibao 1 Reputation point
2021-08-24T05:46:06.27+00:00

We have a main portal application using OAuth for authentication, and another sub-application using SAML. We want users to access the sub-application without having to log in again, by using ADFS. How does ADFS convert OAuth to SAML assertions?


1 answer

  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2021-08-30T17:43:10.643+00:00

    The authentication is handled by the IDP (here ADFS). If both applications are trusted by the same IDP, the user doesn't have to "re-authenticate" as they already have a valid session with the IDP (granted the conditions for that session to be valid are still met: authentication policy, force fresh authentication, access policies, session times... those can influence that behavior).
    I don't know how applicable this is for your scenario and your applications, but you could also request an OAuth token from a SAML token. This is described here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion (but it might very well be out of scope for you).
    Now if that application is not known by the IDP, you can still do something custom in the app I suppose, but that's no longer a federation question.

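As an added example (not from the answer, and not Microsoft's or ADFS's own code), this is what the exchange the answer links to, the OAuth 2.0 SAML bearer assertion grant (RFC 7522), looks like on the wire: the client checks that the assertion's audience and validity window fit the token endpoint it is about to call, base64url-encodes the assertion without padding into the token request, and the endpoint side decodes it back. The token endpoint URL, issuer, subject, times and the unsigned sample assertion are all constructed placeholders; the authoritative checks (signature, issuer trust, audience, time) still happen at the token endpoint.

```python
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

# Grant type from RFC 7522: exchange a SAML 2.0 assertion for an OAuth 2.0 token.
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_ENDPOINT = "https://token.example.test/oauth2/token"  # constructed placeholder
# Constructed, unsigned sample assertion with placeholder issuer, subject and times.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_example" Version="2.0" IssueInstant="2021-08-30T17:00:00Z">'
    "<saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>"
    "<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>"
    '<saml:Conditions NotBefore="2021-08-30T17:00:00Z" NotOnOrAfter="2021-08-30T18:00:00Z">'
    "<saml:AudienceRestriction><saml:Audience>" + TOKEN_ENDPOINT + "</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)


def _parse_time(value):
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(assertion_xml, expected_audience, now_iso):
    """Client-side sanity check before sending: audience and validity window.
    The token endpoint still does the authoritative checks (signature, issuer, time)."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    now = _parse_time(now_iso)
    if now < _parse_time(cond.get("NotBefore")) or now >= _parse_time(cond.get("NotOnOrAfter")):
        return False, "outside validity window"
    return True, "ok"


def build_token_request(assertion_xml, client_id, scope):
    """Form body of the token request; RFC 7522 requires base64url without padding."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).decode().rstrip("=")
    return urlencode({"grant_type": SAML2_BEARER, "assertion": encoded,
                      "client_id": client_id, "scope": scope})


def decode_assertion_param(body):
    """Inverse step on the token-endpoint side: restore padding and decode."""
    params = parse_qs(body)
    if params.get("grant_type") != [SAML2_BEARER]:
        raise ValueError("unexpected grant_type")
    raw = params["assertion"][0]
    return base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)).decode()
```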