
Web Access Management Using OAuth2 and SAML – WAM 2.0

The diagram above illustrates a concept for centralizing Web access management using a UMA Authorization Server (“AS”), where the person uses a SAML IDP to authenticate.

gluu

Presentation Transcript


  1. Web Access Management Using OAuth2 and SAML – WAM 2.0: Web Access Management (“WAM”) using open source SAML and OAuth2 software. It is getting more difficult day by day to manage inbound SAML-authenticated people while maintaining SSO and central entitlements management for internal websites, SaaS platforms and mobile applications. The diagram above illustrates a concept for centralizing Web access management using a UMA Authorization Server (“AS”), where the person uses a SAML IDP to authenticate. In this case, the UMA Resource Server (“RS”) and the UMA Relying Party (“RP”) are consolidated. The RP sends the user claims, obtained via SAML, with the UMA request to the AS to authorize the token (in this case, the RPT token…) for a given scope.

  2. In this case, the combined RS-RP is similar to a CA SiteMinder agent. This works only because the domain controls both the IDP (in this case the Asimba proxy) and the RPs. Note that in many cases you may not want the RS to act as the RP. For example, if the Apache2 server is an API hub and the client is a mobile app, you want the RP to be the mobile app, which has a connection to the person. There was some discussion on this, if you are the type of person who likes to read sequence diagrams. To learn more about OpenID Connect and Web Access Management Using OAuth2 and SAML – WAM 2.0, feel free to visit Gluu.org.
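
A minimal in-memory model of the flow described in the two slides above, added here as an illustration and not taken from the presentation or from Gluu's software: a combined RS-RP agent obtains a permission ticket, pushes the SAML-derived claims to the AS, and receives an RPT only if the scope's policy passes and the AS trusts that RP. All class names, the `hr.read` scope, the client ids and the user attributes are constructed assumptions.

```python
import secrets

class AuthorizationServer:
    """Toy UMA AS (assumed model, not Gluu's implementation)."""
    def __init__(self, trusted_rps, policies):
        self.trusted_rps = set(trusted_rps)  # RPs whose pushed claims are accepted
        self.policies = policies             # scope -> predicate over user claims
        self.tickets, self.rpts = {}, {}

    def register_permission(self, resource, scope):
        # RS role: request a permission ticket for the resource and scope.
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = (resource, scope)
        return ticket

    def authorize(self, rp_id, ticket, claims):
        # RP role: redeem ticket plus pushed claims for an RPT (None = denied).
        resource, scope = self.tickets.pop(ticket, (None, None))  # single use
        if resource is None or rp_id not in self.trusted_rps:
            return None  # unknown ticket, or an RP outside the domain's control
        policy = self.policies.get(scope)
        if policy is None or not policy(claims):
            return None
        rpt = secrets.token_urlsafe(16)
        self.rpts[rpt] = (resource, scope)
        return rpt

    def introspect(self, rpt):
        return self.rpts.get(rpt)

class CombinedAgent:
    """Web-server agent acting as both RS and RP, as on the slides."""
    def __init__(self, rp_id, auth_server):
        self.rp_id, self.auth_server = rp_id, auth_server

    def handle(self, resource, scope, saml_attributes):
        ticket = self.auth_server.register_permission(resource, scope)
        rpt = self.auth_server.authorize(self.rp_id, ticket, saml_attributes)
        ok = rpt is not None and self.auth_server.introspect(rpt) == (resource, scope)
        return 200 if ok else 403

# Constructed sample policy and SAML attribute sets.
POLICIES = {"hr.read": lambda c: "hr" in c.get("memberOf", [])}
AS = AuthorizationServer(trusted_rps={"apache-agent"}, policies=POLICIES)
ALICE = {"uid": "alice", "memberOf": ["hr", "staff"]}
BOB = {"uid": "bob", "memberOf": ["staff"]}

def demo():
    agent = CombinedAgent("apache-agent", AS)
    untrusted = CombinedAgent("unregistered-rp", AS)
    return (agent.handle("/hr/payroll", "hr.read", ALICE),
            agent.handle("/hr/payroll", "hr.read", BOB),
            untrusted.handle("/hr/payroll", "hr.read", ALICE))
```

The third result is the slide's caveat in code: the same claims are refused when they arrive from an RP the domain does not control, because the AS has no basis for believing them.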
