How does ADFS convert OAuth to SAML assertions?

Leandro Lomibao 1 Reputation point

We have a main portal application using OAuth for authentication, and another sub-application using SAML. We wanted the users to access the sub-application without being required to log in again, by using ADFS. How does ADFS convert OAuth to SAML assertions?

Active Directory Federation Services

1 answer

  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee

    The authentication is handled by the IDP (here ADFS). If both applications are trusted by the same IDP, the user doesn't have to "re-authenticate" as it already has a valid session with the IDP (granted the conditions for that session to be valid are still met - authentication policy, force fresh authentication, access policies, session times... those can influence that behavior).
    I don't know how applicable this is for your scenario and your applications, but you could also request an OAuth token from a SAML token. This is described here: (but it might very well be out of scope for you).
    Now if that application is not known by the IDP, you can still do something custom in the app I suppose, but that's no longer a federation question.
