1
votes

I'm configuring SAML SSO and SAML to OAuth2 bearer token exchange on WSO2 products: a WSO2 Identity Server instance as the IdP, with the same instance configured as the service provider for SSO, and another WSO2 API Manager instance for the SAML2 to OAuth2 bearer token exchange.

Service provider configuration (WSO2 IS, running on port 9443)
WSO2 AM IdP configuration (SAML2 to OAuth2 token exchange on port 9463)

I'm getting the following error when I POST to https://wso2amsrv.com:9463/oauth2/token:

ERROR - SAML2BearerGrantHandler Error in constructing XML Object from the encoded String

  1. I'm not sure whether the configuration is correct.
  2. What is the encoding for the SAML assertion: URL encoding or base64 encoding?

1 Answer

2
votes

The configuration does not seem to be quite correct. A SAML2 assertion is XML. When you are calling the /token endpoint, the SAML2 assertion must be base64 URL encoded. It would be great if you could go through this to understand how to properly set up granting an access token with the SAML2 bearer assertion profile.