[OPENAM-5690] Get an Access Token From SAML 2.0 on 12.0.0 uses grant type saml2-bearer, but TokenEndpoint is not defined in OAuth2Application
Created: 19/Mar/15  Updated: 20/Nov/16  Resolved: 13/Apr/15

Status: Resolved
Project: OpenAM
Component/s: oauth2, SAML
Affects Version/s: 12.0.0, 12.0.1
Fix Version/s: 12.0.1, 13.0.0

Type: Bug
Priority: Major
Reporter: Nathalie Hoet
Assignee: Quentin CASTEL [X] (Inactive)
Resolution: Fixed
Votes: 0
Labels: EDISON, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


On OpenAM 12, trying to implement: http://docs.forgerock.org/en/openam/latest/admin-guide/index/chap-oauth2.html#oauth2-sp-and-authz

Returns error message:

{"error":"unsupported_grant_type","error_description":"Grant type is not supported: urn:ietf:params:oauth:grant-type:saml2-bearer"}

Root cause is that OAuth2Saml2GrantSPAdapter uses the grant type OAuth2Constants.SAML20.GRANT_TYPE_URI, which is defined as urn:ietf:params:oauth:grant-type:saml2-bearer,
but OAuth2Application only defines the endpoint TokenEndpoint.JWT_BEARER, which is urn:ietf:params:oauth:grant-type:jwt-bearer.

Comment by Quentin CASTEL [X] (Inactive) [ 13/Apr/15 ]

I merged the bug fix with OPENAM-4344.
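
A regression check for the symptom reported in this issue, added here as an example (it is not OpenAM code and not from the reporter or assignee). It builds an RFC 7522 saml2-bearer token request body and classifies the token endpoint's JSON reply; the function names, result labels and the sample assertion are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlencode

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Error body quoted in this issue (returned by the affected versions).
TICKET_ERROR_BODY = (
    '{"error":"unsupported_grant_type","error_description":'
    '"Grant type is not supported: urn:ietf:params:oauth:grant-type:saml2-bearer"}'
)
# Constructed placeholder, not a real or signed SAML assertion.
SAMPLE_ASSERTION = b"<saml:Assertion>constructed placeholder</saml:Assertion>"


def build_token_request(assertion_xml: bytes, scope: str = "") -> str:
    """Form-encoded body for the SAML 2.0 bearer grant (RFC 7522, section 2.1).

    The assertion is base64url-encoded without padding characters.
    """
    encoded = base64.urlsafe_b64encode(assertion_xml).decode("ascii").rstrip("=")
    params = {"grant_type": SAML2_BEARER, "assertion": encoded}
    if scope:
        params["scope"] = scope
    return urlencode(params)


def classify_response(status: int, body: str) -> str:
    """Classify a token endpoint reply to a saml2-bearer request.

    'grant-not-registered': the endpoint has no handler for the grant type
                            (the behaviour reported in this issue).
    'grant-handled':        the grant was dispatched and the assertion rejected.
    'issued':               an access token was returned.
    'inconclusive':         any other reply; errors such as invalid_client can
                            be raised before the grant type is looked at.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return "inconclusive"
    if not isinstance(doc, dict):
        return "inconclusive"
    if status == 200 and "access_token" in doc:
        return "issued"
    if doc.get("error") == "unsupported_grant_type":
        return "grant-not-registered"
    if doc.get("error") == "invalid_grant":
        return "grant-handled"
    return "inconclusive"
```

Sending a placeholder assertion to a fixed server should yield `grant-handled` (an `invalid_grant` error) rather than `grant-not-registered`, which separates a missing grant handler from a bad assertion.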
