Posts

SAML Bearer Assertion Flow in Office 365,Graph API with ADFS-2

In the previous post, we looked at the high-level approach of fetching an OAuth token to get data from the Graph API based on a SAML assertion. Now let us understand how we can actually fetch the SAML assertion.

OAuth 2.0 SAML Bearer Assertion Flow

The OAuth 2.0 SAML bearer assertion flow defines how a SAML assertion is used to request an OAuth access token. A SAML assertion is an XML security token issued by an identity provider and consumed by a service provider. The service provider relies on its content to identify the assertion's subject for security-related purposes.

Pre-Requisites

There is a trust relationship between the authorization server/environment (O365) and the issuer of the SAML 2.0 bearer assertion, which is the identity provider (ADFS). To configure ADFS for SSO and as the IdP you may refer to this article. The application is registered in the Office portal with the necessary configurations below. Since we are using the OAuth V2.0 endpoint, we need to register the application in

SAML Bearer Assertion Flow in Office 365,Graph API with ADFS-1

The Puzzle

What is the challenge in getting authenticated and accessing data through Office 365 and Azure AD? That was the question when I started working on this concept. But to my surprise, and learning along the way, we understood there is much more to it which is not properly documented and would be helpful in case you are also coming across this particular scenario. So here is the question: what is the challenge and what is so interesting? Is it not that Office 365 and Azure AD work hand in hand and can give you authentication tokens to access the hub called the Graph APIs? Well, in this particular scenario there was a series of challenges which could not be solved with a basic understanding of OAuth flows. So what is the ghost problem? Is it really that haunting a ghost? Well, it was! It all started with the intent of accessing the Graph API for different workloads in Office 365, viz. accessing an Outlook task, a Planner task, or for that matter rea