Device flow authorization with SAML2

Tagged: , , ,

This topic has 2 replies, 2 voices, and was last updated 4 years, 4 months ago by voxtel.

  • Author
  • #22562


    I know how to authorize devices or web services using OAuth2 with access_token, but is it possible to do this using SAML2? Can’t find any info on Google, which leads me to think it’s not really possible, or not really something we do in general.


     Bill Nelson

    OAuth2 is an authorization based protocol. SAML2 is an authentication based protocol.

    The closest you can come to what it sounds like you are trying to achieve is to provide assertion attributes that indicate a user’s access (i.e. Security Groups). It is then up to the Service Provider to decide what to do with those attributes (but authorization, itself is completely outside of the SAML flows).


    Ah ok ok, so there is no way to use SAML2 to authorize a device by itself then, that’s what I wanted to hear, thanks!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?