I am trying to connect to ACS using a SAML token; the problem is that ACS has been configured to only accept JWT tokens. What is the best way to convert SAML to JWT?

Thanks

1 Answer

You should ask your IDP to provide the JWT token as a SAML attribute inside your current SAML tokens, or ask them to provide you with an alternative way of acquiring the JWT tokens you require.

The SAML token (typically a SAML assertion) is usually issued by an identity provider (IDP) and digitally signed - so that the relying parties can verify the authenticity of the token. This means that you cannot convert the token from SAML to JWT, as you will be unable to create a new signature on behalf of your IDP.

The JWT specification contains a good explanation of the difference between SAML and JWT tokens; you might want to go through it:

While JWTs can do some of the things SAML assertions do, JWTs are not intended as a full replacement for SAML assertions, but rather as a token format to be used when ease of implementation or compactness are considerations.

I'm presuming here that you are not self-issuing your SAML tokens, as in such a case you wouldn't need to convert them - you could create your own JWT token directly.
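The signature point made in the answer above, as an added example that is not part of the original post: claims copied out of a SAML assertion and re-signed locally do not verify against the issuer's key. The assertion, both keys and the function names are constructed for illustration, and HS256 stands in for the asymmetric signatures an IDP would normally use so that the code needs only the standard library.

```python
import base64, hashlib, hmac, json
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; the ds:Signature element is omitted for brevity.
SAML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
</saml:Assertion>"""

IDP_KEY = b"constructed-idp-key"        # assumption: held by the IDP, trusted by the relying party
CLIENT_KEY = b"constructed-client-key"  # assumption: the only key the client controls

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def claims_from_saml(xml_text):
    """Copy issuer and subject out of the assertion into JWT-style claims."""
    root = ET.fromstring(xml_text)
    return {"iss": root.findtext("saml:Issuer", namespaces=NS),
            "sub": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}

def sign_jwt(claims, key):
    """Build a compact HS256 JWT: header.payload.signature."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64url(mac.digest())}"

def verify_jwt(token, key):
    """Relying-party check: recompute the MAC with the key it trusts."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    mac = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()), parts[2])

if __name__ == "__main__":
    claims = claims_from_saml(SAML)
    converted = sign_jwt(claims, CLIENT_KEY)   # "converted" by the client itself
    issued = sign_jwt(claims, IDP_KEY)         # issued by the IDP
    print("client-converted token accepted:", verify_jwt(converted, IDP_KEY))
    print("IDP-issued token accepted:      ", verify_jwt(issued, IDP_KEY))
```

The claims are identical in both tokens; only the signing key differs, and that is what the relying party checks.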