Questions about Connected System with the OAuth 2.0: SAML Bearer authentication method

Certified Lead Developer

Hi, 

We need to get access tokens from our id provider and we had thought about using a Connected System with the OAuth 2.0: SAML Bearer authentication method, but the documentation says: 

"As soon as Appian gets that SAML bearer assertion, it decrypts it if necessary and signs the user in. Then, for each Connected System that uses the OAuth 2.0: SAML Bearer Assertion Flow, Appian will immediately pass the SAML bearer assertion (along with the Client ID, Client Secret, Scope, and any Additional HTTP Headers set in the connected system) to the authorization server at the Token Request Endpoint. Appian will always pass the SAML assertion unencrypted"

Our id provider requires that scope, grant type and assertion be provided in the body, and we have some questions: 

Where does the SAML assertion travel, header or body? Can we get the SAML assertion in some way? Can we move the scope from the header to the body?

Thanks in advance
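
For reference, an added example (not part of the original post and not Appian's code) of the token request shape that RFC 7522 defines for the SAML bearer grant, with `grant_type`, `assertion` and `scope` in the form body, plus a check that can be run against a captured request to see which of those parameters are missing from the body. It does not show how Appian builds its request; the function names, the sample assertion and the choice of HTTP Basic for client credentials are assumptions.

```python
import base64
from urllib.parse import urlencode, parse_qs

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522 grant type
REQUIRED_BODY_PARAMS = ("grant_type", "assertion", "scope")
FORM = "application/x-www-form-urlencoded"

# Constructed sample, not a real assertion.
SAMPLE_ASSERTION = b'<saml:Assertion ID="_constructed">sample</saml:Assertion>'

def build_token_request(assertion_xml, scope, client_id, client_secret):
    """Return (headers, body) for an RFC 7522 token request (hypothetical helper)."""
    # RFC 7522: the assertion is base64url-encoded and sent as a form parameter.
    assertion = base64.urlsafe_b64encode(assertion_xml).decode("ascii")
    body = urlencode({"grant_type": SAML2_BEARER,
                      "assertion": assertion,
                      "scope": scope})
    # Assumption: client credentials go in an HTTP Basic header (RFC 6749 option).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    return {"Content-Type": FORM, "Authorization": "Basic " + basic}, body

def missing_body_params(headers, body):
    """List the required parameters that are absent from a captured request body."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != FORM:
        return list(REQUIRED_BODY_PARAMS)
    form = parse_qs(body)
    return [p for p in REQUIRED_BODY_PARAMS if p not in form]

def decode_assertion(body):
    """Recover the assertion bytes from the form body (padding is optional)."""
    raw = parse_qs(body)["assertion"][0]
    return base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))

if __name__ == "__main__":
    headers, body = build_token_request(SAMPLE_ASSERTION, "read", "cid", "secret")
    print(body)
    print("missing from body:", missing_body_params(headers, body))
    # Constructed capture in which scope travels as a header instead of in the body.
    captured = ({"Content-Type": FORM, "Scope": "read"},
                "grant_type=" + SAML2_BEARER + "&assertion=PHNhbWw-")
    print("missing from body:", missing_body_params(*captured))
```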
