SAML 2.0 is an XML-based protocol. It uses security tokens containing assertions to pass information about an end user between a SAML authority and a SAML consumer. In this exchange the SAML authority is the identity provider (IdP) and the SAML consumer is the service provider (SP).
...
Let's configure the token exchange.
Configuring the token exchange
Note: Before you begin, make sure you have the following:
...
- Combine the consumer key and consumer secret as consumer-key:consumer-secret and base64-encode the combined string. For example, with the consumer key wU62DjlyDBnq87GlBwplfqvmAbAa and the consumer secret ksdSdoefDDP7wpaElfqvmjDue, the string to encode is wU62DjlyDBnq87GlBwplfqvmAbAa:ksdSdoefDDP7wpaElfqvmjDue. Base64 is an encoding, not encryption: the encoded value still reveals the secret to anyone who sees it, so encode it locally (for example with the base64 command) rather than pasting the secret into a public website such as http://base64encode.org.
- Access the Token API using a REST client such as the WSO2 REST Client or cURL. The parameters are explained below:
  - URL: Assuming that both the client and the API Gateway run on the same server, the Token API URL is https://gateway.api.cloud.wso2.com:8243/token.
  - Payload: grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<SAML2_Encoded_Assertion_Token>&scope=PRODUCTION. Replace <SAML2_Encoded_Assertion_Token> with the base64-encoded SAML 2.0 assertion. Because the payload is a form body, the encoded assertion must also be URL-encoded (base64 output contains +, / and = characters); either encode it yourself or let the client do it (for example with cURL's --data-urlencode option).
  - Headers: Authorization: Basic <base64 encoded consumer-key:consumer-secret> and Content-Type: application/x-www-form-urlencoded. Replace <base64 encoded consumer-key:consumer-secret> with the value you encoded in the previous step. Send these as two separate headers.
For example, the following cURL command calls the Token API. It returns an access token and a refresh token; use the refresh token to obtain a new access token when the current one expires.

curl -k -d "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=<Assertion_provided_by_client>&scope=PRODUCTION" -H "Authorization: Basic <Base64 encoded consumer key:consumer secret>" -H "Content-Type: application/x-www-form-urlencoded" https://gateway.api.cloud.wso2.com:8243/token

The two headers are passed as two separate -H options; putting both in one -H, separated by a comma, sends a single malformed Authorization header and the request fails. The -k option disables TLS certificate verification and is only acceptable against a throwaway test gateway; drop it in production so that the client verifies the gateway's certificate before sending the consumer secret and the assertion.
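The steps above (base64-encoding the consumer key and secret, encoding the assertion, and assembling the form body and headers) as one added shell example. This is not code from the WSO2 documentation or the WSO2 product: the consumer key, consumer secret and SAML assertion are constructed placeholders, the RUN_TOKEN_REQUEST variable is an assumption used here so the script builds the request offline by default, and the helper names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the WSO2 page. Builds the SAML2 bearer grant
# request without a third-party encoding website. Constructed sample values only.

# Base64-encode consumer-key:consumer-secret for the HTTP Basic Authorization header.
# $1 = consumer key, $2 = consumer secret. tr strips the newline base64 appends.
basic_auth_header() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Percent-encode a string for an application/x-www-form-urlencoded body.
# Only RFC 3986 unreserved characters pass through; everything else becomes %XX.
urlencode() {
  printf '%s' "$1" | LC_ALL=C awk '
    BEGIN { for (i = 1; i < 256; i++) ord[sprintf("%c", i)] = i }
    {
      out = ""
      for (i = 1; i <= length($0); i++) {
        c = substr($0, i, 1)
        if (c ~ /[A-Za-z0-9._~-]/) out = out c
        else out = out sprintf("%%%02X", ord[c])
      }
      printf "%s", out
    }'
}

# Assemble the form body for the saml2-bearer grant.
# $1 = base64-encoded SAML assertion (its +, / and = characters get percent-encoded here).
token_request_body() {
  printf 'grant_type=%s&assertion=%s&scope=%s' \
    "$(urlencode 'urn:ietf:params:oauth:grant-type:saml2-bearer')" \
    "$(urlencode "$1")" \
    "$(urlencode 'PRODUCTION')"
}

# Constructed placeholders (not real credentials, not a real signed assertion).
CONSUMER_KEY='wU62DjlyDBnq87GlBwplfqvmAbAa'
CONSUMER_SECRET='ksdSdoefDDP7wpaElfqvmjDue'
ASSERTION_XML='<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example"/>'
TOKEN_URL='https://gateway.api.cloud.wso2.com:8243/token'

# A real assertion comes from the IdP already signed; here the sample XML is just base64-encoded.
ASSERTION_B64=$(printf '%s' "$ASSERTION_XML" | base64 | tr -d '\n')
AUTH=$(basic_auth_header "$CONSUMER_KEY" "$CONSUMER_SECRET")
BODY=$(token_request_body "$ASSERTION_B64")

# RUN_TOKEN_REQUEST is an assumption of this example: set it to 1 to actually call the gateway.
# No -k: the client must verify the gateway certificate before sending the secret and assertion.
if [ "${RUN_TOKEN_REQUEST:-0}" = 1 ]; then
  curl -sS -X POST \
    -H "Authorization: Basic $AUTH" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data "$BODY" \
    "$TOKEN_URL"
else
  printf 'POST %s\nAuthorization: Basic %s\nContent-Type: application/x-www-form-urlencoded\n\n%s\n' \
    "$TOKEN_URL" "$AUTH" "$BODY"
fi
```

Run it as-is to print the exact request that would be sent, or with RUN_TOKEN_REQUEST=1 to send it. The body is built with urlencode so that the base64 assertion survives the form encoding; if you prefer to let cURL do that, pass the raw base64 value with --data-urlencode "assertion=$ASSERTION_B64" instead of building BODY by hand.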