SAML Bearer Assertion Flow for Office 365 Graph API
We have a working implementation of the SAML SSO using the SAML AppStore module. The next step is to use the privilege of the authenticated user to enforce what they can and can’t do via the Office 365 Graph API – this requires an OAuth2 Bearer token. Microsoft provides an API to retrieve a Bearer token based on an available SAML assertion – documented here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion. What I don’t know is where to get the SAML Assertion from the SAML module so I can invoke this API… does anyone know if the assertion is readily available from the SAML module and how to access it?
Sounds interesting. When you have SAML set up correctly you can go to the SAML requests. There you see all the requests and responses. If I have read and understood this document correctly you need the response.xml and use that content to post it to the OAuth token service. The way to retrieve the right response is, based on the current user, to retrieve the latest SAML request where the principal is the current user. Then you can retrieve the response XML and use the contents of this XML to post to the OAuth token service.
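One way to turn the stored response XML into the token request described in the answer above, as an added example in Python (not code from the SAML module, Mendix, or Microsoft): it checks the assertion's validity window, cuts the assertion out of the response byte-for-byte, base64url-encodes it, and builds the form body for the token endpoint. The sample response, client id, secret and scope are constructed placeholders; the grant_type value is the RFC 7522 one for SAML 2.0, and the linked Microsoft page states which grant type and assertion version its endpoint accepts, so confirm against it.

```python
import base64
import re
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# RFC 7522 grant type for a SAML 2.0 assertion (assumption: the Microsoft page
# states which grant type and assertion version its token endpoint accepts).
SAML_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed sample of a stored response XML (not real IdP output).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def parse_saml_time(value):
    """SAML timestamps are ISO 8601 in UTC, e.g. 2024-01-01T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def assertion_is_current(response_xml, now):
    """True only if 'now' lies inside the assertion's Conditions window (the
    token service rejects a stale assertion, so fail early and fetch a fresh one)."""
    cond = ET.fromstring(response_xml).find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return False
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < parse_saml_time(not_before):
        return False
    return not (not_on_or_after and now >= parse_saml_time(not_on_or_after))

def raw_assertion_bytes(response_xml):
    """Slice the Assertion out of the original text instead of re-serialising it,
    so a signed assertion keeps the exact bytes the IdP signed."""
    m = re.search(r"<(\w*:?)Assertion\b.*?</\1Assertion>", response_xml, re.DOTALL)
    if m is None:
        raise ValueError("no Assertion element in the SAML response")
    return m.group(0).encode("utf-8")

def build_token_request(response_xml, client_id, client_secret, scope, now=None):
    """Form body to POST (application/x-www-form-urlencoded) to the token endpoint."""
    if not assertion_is_current(response_xml, now or datetime.now(timezone.utc)):
        raise ValueError("assertion is missing or outside its validity window")
    encoded = base64.urlsafe_b64encode(raw_assertion_bytes(response_xml)).decode("ascii")
    return {"grant_type": SAML_BEARER_GRANT, "assertion": encoded.rstrip("="),
            "client_id": client_id, "client_secret": client_secret, "scope": scope}
```

Send the body over HTTPS only and treat the stored response XML like a credential: it grants whatever the token service grants until NotOnOrAfter passes.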