[Microsoft Office 365 Graph Connector] SAML Standard Authentication and Tokens
Question
Forge component by Nuno Fontoura
Application Type: Service

Hello!

In our environment we are using the standard SAML authentication with the Users application suggested here:

https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/End_Users/End_Users_Authentication/Configure_SAML_2.0_Authentication

I saw that we have the two API methods to call the OAuth, but I was wondering if we could get the access token from the Users and use it here on Graph Connector to call the Graph methods... is it possible?

Thanks in advance.

Solution

Hi

Unfortunately, the short answer is no. SAML assertions are different from OAuth2 tokens, and Microsoft Graph only accepts OAuth2 tokens.

In theory you could exchange a SAML assertion for an OAuth2 token: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-saml-bearer-assertion. But this only works when issued by an AD FS instance using SAMLv1, and not with the SAMLv2 issued by Azure AD Enterprise applications.

But that wouldn't work anyway because the User Provider in OutSystems does not give you the possibility to get the SAML assertion. Or at least, I haven't found a way to do it.

The best way to access Graph API is to add another app registration in Azure AD and use the Microsoft Login Connector from the Forge. I wrote a step-by-step article on medium.com on how to do that: https://stefan-weber.medium.com/getting-started-with-outsystems-and-microsoft-graph-123006356d41

Best

Stefan
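
To illustrate the distinction drawn in the answer above, here is an added example (not part of the original post, and not code from OutSystems or the Forge component) that labels a credential string as a JWT-formatted OAuth2 token, a SAML 1.x assertion or a SAML 2.0 assertion, then maps it to what the answer says about Microsoft Graph. The function names and sample values are hypothetical, and the JWT check is a heuristic that assumes the access token is JWT-formatted.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Assertion namespaces defined by the SAML 1.x and 2.0 specifications.
SAML_NS = {"urn:oasis:names:tc:SAML:1.0:assertion": "saml1",
           "urn:oasis:names:tc:SAML:2.0:assertion": "saml2"}
# What the answer above says each credential kind is good for with Graph.
GRAPH_USE = {"jwt": "send as Bearer token",
             "saml1": "exchange candidate (AD FS-issued only)",
             "saml2": "not accepted", "unknown": "not accepted"}

def classify_credential(value):
    """Heuristically label a credential: 'jwt', 'saml1', 'saml2' or 'unknown'."""
    value = value.strip()
    parts = value.split(".")
    if len(parts) == 3:  # JWT compact form: header.payload.signature
        try:
            pad = "=" * (-len(parts[0]) % 4)
            header = json.loads(base64.urlsafe_b64decode(parts[0] + pad))
            if isinstance(header, dict) and "alg" in header:
                return "jwt"
        except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
            pass
    if not value.startswith("<"):  # assertions usually travel base64-encoded
        try:
            value = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:
            return "unknown"
    if "<!DOCTYPE" in value or "<!ENTITY" in value:
        return "unknown"  # refuse DTDs: no entity expansion on untrusted XML
    try:
        root = ET.fromstring(value)
    except ET.ParseError:
        return "unknown"
    for elem in root.iter():  # the assertion may sit inside a <Response>
        ns, _, local = elem.tag.lstrip("{").partition("}")
        if local == "Assertion" and ns in SAML_NS:
            return SAML_NS[ns]
    return "unknown"

def graph_usability(value):
    return GRAPH_USE[classify_credential(value)]

# Constructed samples (no real tokens, keys or signatures).
SAMPLE_JWT = ".".join(base64.urlsafe_b64encode(p).decode().rstrip("=") for p in
                      (b'{"alg":"RS256","typ":"JWT"}', b'{"aud":"constructed"}', b"sig"))
SAMPLE_SAML1 = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"/>'
SAMPLE_SAML2 = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
                '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>'
                '</samlp:Response>')
```

This only identifies the credential format; it does not validate signatures, issuer or audience, so it is a triage aid and not an authorization check.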
