Show TOC

Configuring a Grant Type Extension with an OAuth 2.0 SAML Bearer AssertionLocate this document in the navigation structure

Before you can authenticate and get an access token to access resources using an OAuth 2.0 client, you must configure OAuth 2.0 to use a SAML 2.0 bearer grant type.


Before you can configure OAuth 2.0 with a SAML 2.0 bearer grant type, you must fulfill the following prerequisites:


  1. Start OAuth 2.0 Administration (transaction SOAUTH2).
  2. In the subsection Resource Owner Authentication, use Grant Type SAML 2.0 Bearer Active.
    Note It is also possible to use several resource owner authentication methods, for example SAML 2.0 bearer assertion and authorization code.
  3. Go to the Trusted OAuth 2.0 IdP field and select the trusted identity provider using the input help.
  4. (Optional) To provide an additional level of security in the SAML assertion, mark the checkbox Requires Attribute "client_id".
  5. Go to the OAuth 2.0 Scope ID column in subsection Scope Assignment.
  6. Use the input help to select the OAuth 2.0 scopes you want to access.
    Note For example, SAP NetWeaver Gateway provides the scopes. For more information, see OAuth 2.0 Scopes and Start of the navigation path SAP NetWeaver Gateway Next navigation step SAP NetWeaver Gateway Cookbooks End of the navigation path.
  7. Save your changes.