Create an Access Token using the SAML2 Bearer Grant Type and Invoke APIs in WSO2 API Manager

First we need to create an API in WSO2 API Manager and obtain its client id and client secret. Then we can use the travelocity sample application in WSO2 Identity Server to generate an access token.

Configure the travelocity Sample Application

In order to use the travelocity sample application we need to change the following configurations in the file located in <Tomcat_Home>/webapps/:

EnableSAML2Grant=true
OAuth2.TokenURL=https://localhost:8244/token
OAuth2.ClientId=TTAoWMohG0lcO8UmN8CRskDT0uMa
OAuth2.ClientSecret=tFdgrDb8BNxPkqWoBmTL7rvGBLEa

OAuth2.TokenURL is the token endpoint of the API Manager, which is running with a port offset of 1. OAuth2.ClientId and OAuth2.ClientSecret are the client id and client secret obtained for the API.

Configure Identity Server to add the travelocity application

The AudienceRestriction and Recipient values configured here should be equal, and the same value should be configured as the alias.

Configure the Identity Provider in APIM

The public certificate of the Identity Server's primary keystore should be imported into the identity provider so that the APIM token endpoint can validate the assertion signature. Once we log in to the travelocity application and click on the Request OAuth2 Access Token link, the application is able to obtain an access token and invoke the relevant API in the API Manager.
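To show what the three steps above produce on the wire, here is an added Python example (not part of the original post and not WSO2's code) that validates an assertion's Audience and Recipient against the configured alias and builds the saml2-bearer token request the travelocity application sends to the APIM token endpoint. It assumes the alias is the token URL, uses a constructed, unsigned assertion, and the token endpoint and client credentials are the ones from the post.

```python
import base64
import json
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Values from the post: APIM token endpoint (port offset 1) and the API's client credentials.
TOKEN_URL = "https://localhost:8244/token"
CLIENT_ID = "TTAoWMohG0lcO8UmN8CRskDT0uMa"
CLIENT_SECRET = "tFdgrDb8BNxPkqWoBmTL7rvGBLEa"
SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # grant type per RFC 7522
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned minimal assertion for illustration only; a real one is signed by the IdP.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">
  <saml:Issuer>localhost</saml:Issuer>
  <saml:Subject><saml:NameID>admin</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://localhost:8244/token"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://localhost:8244/token</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def audience_and_recipient_match(assertion_xml: str, alias: str) -> bool:
    """True only when every Audience and every Recipient equal the alias (what the token endpoint checks)."""
    root = ET.fromstring(assertion_xml)
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    recipients = [d.get("Recipient") for d in root.findall(".//saml:SubjectConfirmationData", NS)]
    if not audiences or not recipients:  # a missing restriction is a failure, not a pass
        return False
    return all(a == alias for a in audiences) and all(r == alias for r in recipients)

def build_token_request(assertion_xml: str, client_id: str, client_secret: str, scope: str = "PRODUCTION"):
    """Headers and form body for the saml2-bearer grant: base64url assertion, HTTP Basic client auth."""
    assertion_b64url = base64.urlsafe_b64encode(assertion_xml.encode()).decode()
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}", "Content-Type": "application/x-www-form-urlencoded"}
    body = {"grant_type": SAML2_BEARER, "assertion": assertion_b64url, "scope": scope}
    return headers, body

def request_access_token(assertion_xml: str) -> str:
    """Refuse to send an assertion that would fail the alias check, otherwise POST it to the token endpoint."""
    if not audience_and_recipient_match(assertion_xml, TOKEN_URL):
        raise ValueError("Audience/Recipient must equal the alias configured on the identity provider")
    headers, body = build_token_request(assertion_xml, CLIENT_ID, CLIENT_SECRET)
    req = urllib.request.Request(TOKEN_URL, data=urllib.parse.urlencode(body).encode(), headers=headers)
    with urllib.request.urlopen(req) as resp:  # TLS verification stays on; trust the APIM certificate explicitly
        return json.load(resp)["access_token"]
```

The returned access_token is then sent as "Authorization: Bearer <token>" to the API gateway on port 8244.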

Originally published at

Written by

Associate Technical Lead @ WSO2
