We have Microsoft Active Directory Federation Services (ADFS) as our authentication/federation provider. We use it for performing identity federation via SAML to several external vendors, SaaS providers, etc. In addition, we have several vendors that only support OAuth, so we have configured integrations with those vendors using ADFS 2016’s OAuth support. As such, we are able to generate both SAML assertions and OAuth access tokens, as needed.
Now we have run into a situation where Vendor A (configured for SAML auth) needs to make a RESTful service call to Vendor B (configured to require OAuth tokens). Is there a way to convert an ADFS-generated SAML assertion into an ADFS-generated OAuth token? Given that both credentials are generated by ADFS, I would think that ADFS would have a way of performing the conversion. Is there an endpoint where I can POST a SAML assertion and get back the OAuth token in return? Any help would be GREATLY appreciated!!