Before you can authenticate and get an access token to access resources using an OAuth 2.0 client, you must configure OAuth 2.0 to use a SAML 2.0 bearer grant type.
Before you can configure OAuth 2.0 with a SAML 2.0 bearer grant type, you must fulfill the following prerequisites:
SSL must be set up in the AS ABAP (for details, see Configuring the AS ABAP for Supporting SSL).
A trusted SAML identity provider must be available in the network (see Configuring a Trusted Identity Provider for OAuth 2.0). This identity provider issues the SAML 2.0 assertion that the OAuth 2.0 client sends to the OAuth 2.0 token endpoint.
You have configured a trusted relationship to this identity provider.
In the AS ABAP, there is a user with the type System for each OAuth 2.0 client. For more information on how to set up users of this type, see User Administration Functions.