Using Azure AD, I have a .NET Core Web API Controller that has authenticated the user using OAuth2 and I have a JWT Bearer token and a Claims Principal.

Is there any way of using either of these to generate a SAML token so I can call another API, that only supports SAML, on behalf of this user?

2 Answers

AFAIK, currently that is not possible in an on-behalf-of scenario. Similar discussions here and here are for your reference.

Yes, this is a possible and supported scenario on the Azure AD v.1 endpoint.

This is supported as a non-standard extension of the On-Behalf-Of authorization flow in the OAuth2 framework. More details on the concrete implementation by the Azure AD v.1 endpoint are documented here.

Of course, your OIDC application must be granted at least the "user_impersonation" permission on the SAML integrated app/api in order for the On-Behalf-Of flow to work.

This has been supported since almost the beginning in the v.1 endpoint.
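As an added example (not from the question or either answer), here is what the On-Behalf-Of exchange the second answer refers to looks like when the Azure AD v.1 token endpoint is asked for a SAML assertion rather than a JWT: the incoming user JWT goes in as the `assertion`, and the response carries the base64-encoded SAML assertion in `access_token`. The endpoint URL, the `requested_token_type` values and the response layout are taken from the v.1 OBO documentation as I know it and should be checked against the current docs; the tenant, client, resource values and the sample response below are constructed placeholders. Python is used so the request building and response handling can be run offline; the same form post translates directly to `HttpClient` in the .NET Core controller from the question.

```python
"""Azure AD v.1 On-Behalf-Of exchange requesting a SAML assertion.

Added example, not code from the question or answers. Parameter names follow
the v.1 OBO documentation as the author of this example knows it; verify them
against the current Microsoft docs before relying on them.
"""
import base64
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

V1_TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
SAML_TOKEN_TYPES = {
    "saml2": "urn:ietf:params:oauth:token-type:saml2",
    "saml1": "urn:ietf:params:oauth:token-type:saml1",
}
SAML2_ASSERTION_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion"


def build_obo_saml_request(tenant, client_id, client_secret, user_jwt,
                           resource, saml_version="saml2"):
    """Return (url, form_fields) for the OBO token request.

    user_jwt is the bearer token the caller presented to *our* API. It must
    already have been validated (signature, audience == our client_id, expiry)
    by the JWT bearer middleware; this function only forwards it.
    """
    if saml_version not in SAML_TOKEN_TYPES:
        raise ValueError(f"unsupported SAML version: {saml_version}")
    form = {
        "grant_type": JWT_BEARER_GRANT,
        "assertion": user_jwt,
        "client_id": client_id,
        "client_secret": client_secret,   # load from a secret store, never from source
        "resource": resource,             # the SAML-integrated API's App ID URI
        "requested_token_use": "on_behalf_of",
        "requested_token_type": SAML_TOKEN_TYPES[saml_version],
    }
    return V1_TOKEN_URL.format(tenant=tenant), form


def encode_form(form):
    """application/x-www-form-urlencoded body bytes for the POST."""
    return urllib.parse.urlencode(form).encode()


def post_obo_request(url, form, timeout=10):
    """Send the request (network call; not exercised in this offline example)."""
    req = urllib.request.Request(url, data=encode_form(form), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def extract_saml_assertion(response_body, expected_token_type=SAML_TOKEN_TYPES["saml2"]):
    """Decode the base64 SAML assertion carried in the access_token field.

    The token_type is checked first so that a JWT or an error response is never
    mistaken for a SAML assertion. The XML signature is NOT validated here; the
    downstream SAML API is the relying party and must verify it itself.
    """
    data = json.loads(response_body)
    if "error" in data:
        raise RuntimeError(f"token endpoint error: {data['error']}: "
                           f"{data.get('error_description', '')}")
    if data.get("token_type") != expected_token_type:
        raise ValueError(f"unexpected token_type: {data.get('token_type')}")
    raw = base64.b64decode(data["access_token"])
    root = ET.fromstring(raw)
    if root.tag != SAML2_ASSERTION_TAG:
        raise ValueError(f"decoded token is not a SAML 2.0 Assertion: {root.tag}")
    return raw.decode()


# --- constructed sample data (placeholders, not real tokens or tenants) -----
SAMPLE_ASSERTION_XML = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed-example" Version="2.0">'
    '<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>'
    '<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>'
    '</saml:Assertion>'
)
SAMPLE_SAML_RESPONSE = json.dumps({
    "token_type": SAML_TOKEN_TYPES["saml2"],
    "expires_in": "3599",
    "resource": "https://saml-api.example.com",
    "access_token": base64.b64encode(SAMPLE_ASSERTION_XML.encode()).decode(),
})
SAMPLE_BEARER_RESPONSE = json.dumps({"token_type": "Bearer", "access_token": "abc"})
SAMPLE_ERROR_RESPONSE = json.dumps({"error": "invalid_grant",
                                    "error_description": "constructed error"})

if __name__ == "__main__":
    url, form = build_obo_saml_request(
        "TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "CLIENT-SECRET-PLACEHOLDER",
        "eyJ.constructed.user-jwt", "https://saml-api.example.com")
    print("POST", url)
    print(encode_form(form).decode())
    print(extract_saml_assertion(SAMPLE_SAML_RESPONSE))
```

The token-type check matters because the same endpoint and the same `access_token` field are used for ordinary JWT access tokens; forwarding whatever comes back to the SAML API without that check turns a misconfiguration into a confusing downstream failure. Keep the incoming JWT validation in the framework middleware as it is today; the OBO call adds a second credential (the client secret) that needs the same care as any other secret.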