I want to implement SAML for authentication of users and OAuth to protect the API resources I developed. From a bunch of reading, I believe the SAML bearer assertion workflow is what I am looking for. (Kindly correct me if this is wrong or if there is any other alternative.)
As per my understanding, Spring does not support SAML Bearer Assertion for the OAuth authorization code grant type for protected resource access.
I tried configuring Spring SAML SP on the OAuth client side, but while requesting a token the OAuth server requests authentication again. So, as a workaround, I am thinking of implementing a pre-authentication scenario similar to the SiteMinder one given in the Spring documentation for authorization only. Is this the right approach? (until Spring releases RFC 7522)