I am integrating WSO2AM with our in-house proprietary Identity Provider (IDP). I was following the WSO2 documentation "Exchanging SAML2 Bearer Tokens with OAuth2 - SAML Extension Grant Type". I have added the Identity Provider in API Manager's management console and added the IDP's public certificate (.pem). Next, I added WSO2AM as a service provider on our IDP. I have generated a SAML token from the IDP and I am now ready to exchange it for an OAuth token from API Manager. I am getting the following error:
{
  "error": "invalid_grant",
  "error_description": "Provided Authorization Grant is invalid"
}
The following are my parameters to the API call:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic xxxxxx" -H "Cache-Control: no-cache" -H "Postman-Token: 83896bce-7243-7580-a616-19232c372ff7" -d 'grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=xxxxxx&scope=PRODUCTION' "https://<wso2am-host>:9443/oauth2/token"
Here, assertion is the Base64-encoded SAML token and Authorization is the Base64-encoded consumer key:consumer secret.
Please advise what's wrong. Thanks.