SAML Bearer Assertion Flow for Office 365 Graph API

0
We have a working implementation of SAML SSO using the SAML AppStore module. The next step is to use the privileges of the authenticated user to enforce what they can and can’t do via the Office 365 Graph API – this requires an OAuth2 Bearer token. Microsoft provides an API to retrieve a Bearer token based on an available SAML assertion, documented here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion

What I don’t know is where to get the SAML assertion from the SAML module so I can invoke this API. Does anyone know if the assertion is readily available from the SAML module, and how to access it?
asked
2 answers
1

Hello everybody. I had the same problem, but I solved it. In my case the problem was accessing the calendar.


Solution steps:
1. Please add the two “scopes” below in the metadata of Authentication.

“Calendars.Read”
“Calendars.ReadWrite”

2. Once added, please select them under “Selected Scopes”.

3. After that, once you authenticate as a user you will be able to see your calendar in the Microsoft pre-defined snippet, and you will also be able to send invites. I have tested the functionality.


answered
0

Sounds interesting. When you have SAML set up correctly you can go to the SAML requests. There you see all the requests and responses. If I have read and understood this document correctly, you need the response XML and use that content to post it to the OAuth token service. The way to retrieve the right response is, based on the current user, to retrieve the latest SAML request where the principal is the current user. Then you can retrieve the response XML and use the contents of this XML to post to the OAuth token service.

Let us know if you got this working because it sounds interesting. And if it does not work you can always use this module in the appstore: https://appstore.home.mendix.com/link/app/73034/EPI-USE-Systems/Microsoft-Graph-Connector

Regards,

Ronald


answered
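The flow the question and Ronald's answer describe (take the stored SAML Response for the current user, lift the assertion out of it, post it to the token endpoint) can be shown end to end without a network call. The following is an added example, not code from the thread, the Mendix SAML module or Microsoft. It assumes the SAML Response is available as text, uses a constructed, unsigned sample Response with an invented tenant id and URLs, and takes the grant_type value from the Microsoft doc linked in the question (the generic RFC 7522 value is spelled `urn:ietf:params:oauth:grant-type:saml2-bearer`; check the doc for the exact string Azure AD expects). The checks before the token request are the ones a practitioner would want: the Response status is Success, the assertion's Subject is the current user (so one user cannot replay another user's stored response), the validity window and audience still hold, and the assertion bytes are passed on exactly as received, because the token endpoint verifies the IdP signature over them.

```python
"""Added example (not from the thread or the SAML module): select the assertion for
the current user out of a stored SAML Response and build the OAuth2 SAML bearer
assertion token request.  No network call is made; the form body is returned."""
import base64
import re
from datetime import datetime, timezone
from urllib.parse import urlencode
import xml.etree.ElementTree as ET  # prefer defusedxml in production (XXE, entity expansion)

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# grant_type as named in the Microsoft doc linked in the question (assumed; verify against it).
MS_SAML_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml1_bearer"
TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

# Constructed, unsigned sample Response; tenant id, audience and user are invented.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2020-01-01T12:00:00Z" Destination="https://app.example.com/SSO/assertion">
  <saml:Issuer>https://sts.windows.net/11111111-2222-3333-4444-555555555555/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0"
      IssueInstant="2020-01-01T12:00:00Z">
    <saml:Issuer>https://sts.windows.net/11111111-2222-3333-4444-555555555555/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@contoso.example</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2020-01-01T11:55:00Z" NotOnOrAfter="2020-01-01T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>https://app.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
DEMO_NOW = datetime(2020, 1, 1, 12, 5, tzinfo=timezone.utc)

# The raw Assertion element is cut out of the Response text as-is.  The token endpoint
# verifies the IdP signature over exactly these bytes, so a parsed tree must never be
# re-serialised (prefixes and whitespace would change and the signature would break).
_ASSERTION_RE = re.compile(r"<(?:\w+:)?Assertion\b.*?</(?:\w+:)?Assertion>", re.DOTALL)


def parse_response(response_xml: str):
    """Return (Assertion element for local checks, raw Assertion XML for the token call)."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("SAML Response status is not Success")
    elems, raws = root.findall("saml:Assertion", NS), _ASSERTION_RE.findall(response_xml)
    if len(elems) != 1 or len(raws) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(elems)}")
    return elems[0], raws[0]


def _ts(value: str) -> datetime:
    # SAML timestamps are UTC with a trailing Z, e.g. 2020-01-01T12:00:00Z
    return datetime.fromisoformat(value.rstrip("Z")).replace(tzinfo=timezone.utc)


def check_assertion(a: ET.Element, current_user: str, audience: str, now: datetime) -> str:
    """Return the NameID if the assertion is for current_user, for our audience and unexpired."""
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if name_id is None or name_id.lower() != current_user.lower():
        raise ValueError(f"assertion subject {name_id!r} is not the current user")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion carries no Conditions")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window; re-authenticate")
    audiences = [x.text for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError(f"assertion audience {audiences} does not include {audience}")
    return name_id


def build_token_request(assertion_xml: str, client_id: str, client_secret: str,
                        scope: str, grant_type: str = MS_SAML_BEARER_GRANT) -> dict:
    """Form fields to POST to TOKEN_ENDPOINT as application/x-www-form-urlencoded."""
    # base64url without padding, as RFC 7522 section 2.1 prescribes for the assertion.
    b64 = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii").rstrip("=")
    return {"grant_type": grant_type, "assertion": b64, "client_id": client_id,
            "client_secret": client_secret, "scope": scope}


def decode_assertion(b64: str) -> str:
    """Reverse of the encoding above (restores the stripped padding)."""
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)).decode("utf-8")


def demo(current_user: str = "alice@contoso.example", now: datetime = DEMO_NOW) -> dict:
    elem, raw = parse_response(SAMPLE_RESPONSE)
    user = check_assertion(elem, current_user, "https://app.example.com", now)
    body = build_token_request(raw, "app-client-id", "app-client-secret",
                               "https://graph.microsoft.com/Calendars.Read")
    return {"user": user, "body": body}


if __name__ == "__main__":
    result = demo()
    print(result["user"], "->", "POST", TOKEN_ENDPOINT, urlencode(result["body"])[:80] + "...")
```

In a real deployment the `assertion` the SAML module stores will be signed, and Azure AD only accepts it while its Conditions still hold, so the stored response is useful for the token exchange only for the minutes after sign-in; the user check is what stops an application-level lookup from handing one user a token minted from another user's response.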