How to get the SAML OAuth token

1
I have successfully installed and configured the SAML20 AppStore module, which has enabled me to log in to my app using SSO. I now want to use the privileges of the logged-in user to call another REST service (in this case Microsoft Graph) using the bearer token of the currently logged-in user. I can’t work out, though, how to retrieve the token from the SAML module. Can anybody point me in the right direction, please?
asked
2 answers
1

Does this help?

https://forum.mendix.com/link/questions/99102

answered
1

Does anybody have a working example for calling the Graph service after receiving the SAML assertion data from SSO?

In our case the claims/groups data from a user is not included in the SAML response because the user has more than 150 groups, so no "<Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"><AttributeValue>Internet</AttributeValue>..." are returned but only a URL to the Graph service like "<Attribute Name="http://schemas.microsoft.com/claims/groups.link"><AttributeValue>https://graph.windows.net/abcdfe11-2815-4dce-8bc8-813bb8202a4c/users/12cba651-24d9-4af8-9a3d-b718e7230e17/getMemberObjects</AttributeValue>".

We need to receive the claims/groups data using a separate REST call to the Graph service to be able to assign the correct roles.

Of course the workaround (solution?) would be to limit the number of groups sent by ADFS by using some filtering so that we do not receive more than 150 groups. But in case we might receive more than 150 groups, we need a solution to get the claims/groups using the Graph service then too.

 

answered
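The group-overage case described in the answer above can be detected before roles are assigned. The following is an added example, not code from either poster or from the SAML module: it reads an attribute statement and reports whether groups arrived inline or only as a `groups.link` URL, and it refuses a link that does not point at the expected host. It assumes the assertion signature has already been validated by the SAML module; the function names and the host allow-list are hypothetical, the sample statements are constructed, and the Graph call itself (which needs its own access token) is left out.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"
# Assumption: the only acceptable link target is the host shown in the post.
ALLOWED_LINK_HOSTS = {"graph.windows.net"}


def attribute_values(statement_xml):
    """Map each Attribute Name to its list of AttributeValue strings."""
    root = ET.fromstring(statement_xml)
    out = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out


def resolve_groups(statement_xml):
    """Return ("inline", [groups]), ("lookup", url) or ("none", [])."""
    attrs = attribute_values(statement_xml)
    if attrs.get(GROUPS):
        return ("inline", attrs[GROUPS])
    links = attrs.get(GROUPS_LINK, [])
    if len(links) != 1:
        return ("none", [])
    # Never follow a URL taken from the assertion without checking its target.
    url = urlparse(links[0])
    if url.scheme != "https" or url.hostname not in ALLOWED_LINK_HOSTS:
        raise ValueError("unexpected groups.link target: %r" % links[0])
    return ("lookup", links[0])


def make_statement(name, value):
    """Build a constructed one-attribute statement for the samples below."""
    return ('<saml:AttributeStatement xmlns:saml="%s"><saml:Attribute Name="%s">'
            '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
            '</saml:AttributeStatement>' % (SAML_NS["saml"], name, value))


# Constructed samples; the link value is the one quoted in the post.
LINK_URL = ("https://graph.windows.net/abcdfe11-2815-4dce-8bc8-813bb8202a4c"
            "/users/12cba651-24d9-4af8-9a3d-b718e7230e17/getMemberObjects")
INLINE_SAMPLE = make_statement(GROUPS, "Internet")
OVERAGE_SAMPLE = make_statement(GROUPS_LINK, LINK_URL)
```

A `"lookup"` result means role assignment has to wait for the separate REST call; mapping roles from an empty group list in that case would silently under-provision or mis-provision the user.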