SAML Bearer Flow

[Diagram: SAML Bearer Flow]
  • The client app creates a SAML assertion and signs it with the private key of an X.509 certificate
  • The authorisation server checks the signature against the certificate's public key to verify that the request is authentic
  • The scopes granted are limited to the approval the user previously gave through another OAuth flow
  • Additional claims can be included in the assertion to pass extra user or context information to the authorisation server
  • For Salesforce to act as the authorisation and resource server, a connected app is required
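Both halves of the flow above, as an added example that is not part of the original page or of Salesforce: the client app signs an assertion with its certificate's private key, and the authorisation server verifies the signature against the certificate registered for that issuer, then enforces audience and expiry. The Assertion struct is a constructed stand-in for the SAML schema, the whole serialised element is signed rather than using XML-DSig, and the certificate registry is an assumed in-memory map.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/xml"
	"errors"
	"time"
)

// Minimal stand-in for the SAML assertion the client app builds (constructed for this example:
// not the full SAML 2.0 schema, and the whole element is signed rather than using XML-DSig).
type Assertion struct {
	XMLName      xml.Name  `xml:"Assertion"`
	Issuer       string    `xml:"Issuer"`       // identifies the connected app
	Subject      string    `xml:"Subject"`      // user the access token is requested for
	Audience     string    `xml:"Audience"`     // authorisation server the assertion is meant for
	NotOnOrAfter time.Time `xml:"NotOnOrAfter"` // expiry
	Claims       []string  `xml:"Claim"`        // additional user or context info
}

// Client app: serialise the assertion and sign its SHA-256 digest with the certificate's private key.
func SignAssertion(a Assertion, key *rsa.PrivateKey) (body, sig []byte, err error) {
	if body, err = xml.Marshal(a); err != nil { return nil, nil, err }
	h := sha256.Sum256(body)
	sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return body, sig, err
}

// Authorisation server: look up the certificate registered for the issuer, verify the signature
// with its public key, then enforce audience and expiry before any token is issued.
func VerifyAssertion(body, sig []byte, certs map[string]*x509.Certificate, audience string, now time.Time) (*Assertion, error) {
	var a Assertion
	if err := xml.Unmarshal(body, &a); err != nil { return nil, err }
	cert, ok := certs[a.Issuer]
	if !ok { return nil, errors.New("unknown issuer") }
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return nil, errors.New("registered certificate key is not RSA") }
	h := sha256.Sum256(body)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil { return nil, errors.New("signature does not match registered certificate") }
	if a.Audience != audience { return nil, errors.New("audience mismatch") }
	if !now.Before(a.NotOnOrAfter) { return nil, errors.New("assertion expired") }
	return &a, nil
}
```

A real authorisation server would additionally check the certificate's own validity period and chain, and would only issue scopes the subject had already approved.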
Walkthrough and Additional Considerations (Apex Hours)