Create Access Token using SAML2 Bearer Grant Type and Invoke APIS in wso2 API Manager

Hasanthi Purnima Dissanayake
2 min read · Mar 17, 2019


First we need to create an API in WSO2 API Manager and obtain the client ID and client secret (the OAuth2 keys generated for the application that subscribes to the API). Then we can use the Travelocity sample application shipped with WSO2 Identity Server to generate an access token with the SAML2 bearer grant type.

Configure travelocity Sample Application

In order to use the Travelocity sample application we need to change the following properties in the travelocity.properties file, which is located in <Tomcat_Home>/webapps/travelocity.com/WEB-INF/classes:

EnableSAML2Grant=true
OAuth2.TokenURL=https://localhost:8244/token
OAuth2.ClientId=TTAoWMohG0lcO8UmN8CRskDT0uMa
OAuth2.ClientSecret=tFdgrDb8BNxPkqWoBmTL7rvGBLEa

OAuth2.TokenURL is the token endpoint of API Manager. Here APIM runs with a port offset of 1, so the endpoint is on port 8244 instead of the default 8243. OAuth2.ClientId and OAuth2.ClientSecret are the client ID and client secret obtained from API Manager in the previous step.

Configure Identity Server to add travelocity application

When registering travelocity.com as a service provider in Identity Server, the AudienceRestriction and the Recipient values we configure for SAML2 Web SSO should be equal, and the same value should be configured as the alias of the identity provider we add in API Manager. In this setup that value is the API Manager token endpoint, https://localhost:8244/token, the same URL set as OAuth2.TokenURL above. If the audience, the recipient and the alias do not all match, API Manager will not accept the assertion and no token is issued.

Configure Identity Provider in APIM

The public certificate of the Identity Server primary keystore should be imported into the identity provider we add in API Manager; API Manager uses it to verify the signature on the SAML assertion issued by Identity Server. Then, once we log in to the Travelocity application and click the Request OAuth2 Access Token link, the application exchanges the SAML assertion it received for an access token from API Manager, and that token can be used to invoke the relevant API.
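The two checks the sections above rely on, and the request the sample application sends when the link is clicked, as an added Python example (this is not code from the page, from the Travelocity sample or from WSO2). It takes the token endpoint, client ID and client secret from the travelocity.properties shown above; the embedded SAML assertion is constructed here for illustration and is unsigned, whereas a real assertion from Identity Server is signed and API Manager verifies that signature with the imported certificate, a step this script does not reproduce. The issuer value "localhost" and the cafile parameter are assumptions.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Values from the travelocity.properties shown above (APIM running with port offset 1).
TOKEN_URL = "https://localhost:8244/token"
CLIENT_ID = "TTAoWMohG0lcO8UmN8CRskDT0uMa"
CLIENT_SECRET = "tFdgrDb8BNxPkqWoBmTL7rvGBLEa"
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample assertion (illustration only). A real assertion from
# Identity Server carries a ds:Signature that API Manager verifies with the imported
# public certificate; the issuer "localhost" is an assumed Identity Server entity ID.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee" IssueInstant="2019-03-17T10:00:00Z" Version="2.0">
  <saml2:Issuer>localhost</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID>admin</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2019-03-17T10:05:00Z"
          Recipient="https://localhost:8244/token"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2019-03-17T09:59:00Z" NotOnOrAfter="2019-03-17T10:05:00Z">
    <saml2:AudienceRestriction>
      <saml2:Audience>https://localhost:8244/token</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def inspect_assertion(assertion_xml):
    """Extract the fields that must line up with the API Manager identity provider config."""
    root = ET.fromstring(assertion_xml)
    scd = root.find("saml2:Subject/saml2:SubjectConfirmation/saml2:SubjectConfirmationData", NS)
    return {
        "issuer": root.findtext("saml2:Issuer", namespaces=NS),
        "audiences": [a.text for a in root.findall(
            "saml2:Conditions/saml2:AudienceRestriction/saml2:Audience", NS)],
        "recipient": scd.get("Recipient") if scd is not None else None,
    }


def check_against_alias(assertion_xml, alias):
    """Return the mismatches between the assertion and the identity provider alias.
    An empty list means Audience, Recipient and alias all agree, as the setup requires."""
    info = inspect_assertion(assertion_xml)
    problems = []
    if alias not in info["audiences"]:
        problems.append(f"Audience {info['audiences']} does not contain alias {alias}")
    if info["recipient"] != alias:
        problems.append(f"Recipient {info['recipient']!r} does not equal alias {alias}")
    return problems


def basic_auth_header(client_id, client_secret):
    """HTTP Basic credentials for the token endpoint: base64(client_id:client_secret)."""
    token = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def build_token_request(assertion_xml, client_id=CLIENT_ID, client_secret=CLIENT_SECRET,
                        token_url=TOKEN_URL, scope=None):
    """Build the SAML2 bearer grant request: the assertion travels base64-encoded in the
    'assertion' form field, the client credentials in the Authorization header."""
    form = {
        "grant_type": SAML2_BEARER,
        "assertion": base64.b64encode(assertion_xml.encode("utf-8")).decode("ascii"),
    }
    if scope:
        form["scope"] = scope
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return token_url, headers, urllib.parse.urlencode(form)


def request_token(assertion_xml, cafile=None, **kwargs):
    """POST the grant to API Manager and return the parsed JSON token response.
    cafile: PEM bundle holding the API Manager TLS certificate; a local instance uses a
    self-signed certificate, so the default trust store would reject the connection."""
    url, headers, body = build_token_request(assertion_xml, **kwargs)
    req = urllib.request.Request(url, data=body.encode("ascii"), headers=headers, method="POST")
    with urllib.request.urlopen(req, context=ssl.create_default_context(cafile=cafile)) as resp:
        return json.load(resp)


def call_api(api_url, access_token, cafile=None):
    """Invoke a gateway URL with the issued token as a bearer token."""
    req = urllib.request.Request(api_url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, context=ssl.create_default_context(cafile=cafile)) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    print("alias check:", check_against_alias(SAMPLE_ASSERTION, TOKEN_URL) or "ok")
    url, headers, body = build_token_request(SAMPLE_ASSERTION, scope="PRODUCTION")
    print("POST", url, "\n", body[:72] + "...")
    # Against a running API Manager, with a signed assertion from Identity Server:
    # token = request_token(signed_assertion, cafile="apim.pem")["access_token"]
    # print(call_api("https://localhost:8244/<api context>/<version>/", token, "apim.pem"))
```

Run the alias check against the assertion Identity Server actually issues (it is visible in the Travelocity application after login) before touching the API Manager side: an audience or recipient that differs from the alias by a port, a trailing slash or a hostname is the usual reason the token request fails.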

Originally published at hasanthipurnima.blogspot.com.
