How to Get Access Token back from SAML Authenticated App

We currently have a SAML app set up that allows users to authenticate to it via SAML; it does not support OIDC. The user authenticates to the app and everything is great. But the app also needs to be able to get an access token from an auth server containing the authenticated user's information. The app will then use this access token to make subsequent calls to an API.

We could in theory just generate a client ID and secret for machine-to-machine authentication, and then the application can get a token back. But the token will not contain the authenticated user's information, which the API is expecting in the access token.

Is there some other way to get an access token from an auth server containing user information?


Check SAML 2 assertion flow - Implement authorization by grant type | Okta Developer

I did attempt this, but it seems that it is only intended for a SAML assertion generated from an external IdP. When I try this with our Okta tenant being the IdP, it just returns an error saying “‘Assertion’ is not a valid SAML 2.0 Assertion”.


Do you have any news about this? The same thing is happening to me, and I see that this flow is for external IdPs.

Why not just kick off a separate /authorize flow after the user has logged in via SAML? Since they already have an Okta session, they shouldn’t be prompted to re-authenticate and will instead be sent directly to the redirect_uri with either their code/token(s) (depending on the flow you use)?

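One way to do what this reply suggests, as an added example that is not code from the thread or from Okta: once the SAML login has created the Okta session, the app sends the browser to the org authorization server's /authorize endpoint using the authorization code flow with PKCE, then validates the callback and builds the token request. The issuer URL, client_id and redirect_uri are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions, not values from the thread): the org's authorization
# server and the OIDC client registered for this app.
ISSUER = "https://example.okta.com/oauth2/default"
CLIENT_ID = "0oaPLACEHOLDERclientid"
REDIRECT_URI = "https://app.example.com/callback"

def code_challenge_s256(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_login_state() -> dict:
    """Per-login secrets the app keeps server-side, tied to the SAML-backed session."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return {"verifier": verifier, "state": secrets.token_urlsafe(16), "nonce": secrets.token_urlsafe(16)}

def build_authorize_url(login: dict, scopes=("openid", "profile", "email")) -> str:
    """Redirect the already SAML-authenticated browser here; the existing Okta
    session should satisfy the request without a new login prompt."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),
        "state": login["state"],
        "nonce": login["nonce"],
        "code_challenge": code_challenge_s256(login["verifier"]),
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"

def handle_callback(callback_url: str, login: dict) -> dict:
    """Validate the redirect back to redirect_uri and build the /v1/token body.
    An error response or a state mismatch (CSRF, mixed-up flow) is rejected."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error']}")
    if not hmac.compare_digest(q.get("state", ""), login["state"]):
        raise ValueError("state mismatch")
    return {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "redirect_uri": REDIRECT_URI, "code": q["code"], "code_verifier": login["verifier"]}
```

The returned body is what the app POSTs to the authorization server's /v1/token endpoint; because the code was issued against the user's own Okta session, the access token it yields carries that user's identity rather than a machine-to-machine client's.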

Yes, I think this solution is even easier; I had not thought of it. I will try it and let you know. Thank you very much.

@dmartinez did it work for you? I’m trying to implement the same thing.