The authentication is handled by the IDP (here ADFS). If both applications are trusted by the same IDP, the user doesn't have to "re-authenticate" as it already has a valid session with the IDP (granted the conditions for that session to be valid are still met - authentication policy, force fresh authentication, access policies, session times... those can influence that behavior).
I don't know how applicable this is for your scenario and your applications, but you could also request an OAuth token from a SAML token. This is described here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion (but it might very well be out of scope for you).
Now if that application is not known by the IDP, you can still do something custom in the app I suppose, but that's no longer a federation question.
How ADFS converting OAuth to SAML assertions
Leandro Lomibao
We have a Main Portal Application using OAuth for authentication, and another sub-application using SAML. We wanted the users to access the sub-application without having to log in again, by using ADFS. How does ADFS convert OAuth to SAML assertions?
1 answer
Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
2021-08-30T17:43:10.643+00:00