Is it currently possible (or are there any works in progress) that would allow a user to use a SAML assertion to generate an OAuth2 JWT token? I believe RFC 7522 specifies a way to do this.
The scenario I’m trying to work with is one where the customer has a 3rd-party IdP (such as Okta) that supports SAML. We would like our application to authenticate to Keycloak and have Keycloak perform the SAML auth to the 3rd party, and upon success, generate an OAuth2 JWT token for the client.
Basically, our client application prefers OIDC authentication tokens but the customer wants to use their existing login credentials via SAML and Okta and we are trying to bridge that gap without implementing a SAML SP in our application.
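As an added illustration of the RFC 7522 grant the question refers to (example code, not part of the original post and not Keycloak's or Okta's implementation): the client-side token request (grant_type `urn:ietf:params:oauth:grant-type:saml2-bearer` with a base64url-encoded assertion) and the processing rules an authorization server must apply to that assertion before minting a token. The issuer, subject and token-endpoint URL in the sample assertion are constructed placeholders, and the mandatory XML signature check is left out because it needs the IdP's certificate.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: issuer, subject and token endpoint are hypothetical.
# A real assertion from an IdP also carries a ds:Signature element (not shown).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://as.example.com/token"
          NotOnOrAfter="2024-01-01T12:05:00Z"/>
    </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://as.example.com/token</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def build_token_request(assertion_xml: str) -> dict:
    """Client side (RFC 7522 section 2.1): the assertion is base64url-encoded,
    unwrapped and with '=' padding removed, then sent as the 'assertion' parameter."""
    encoded = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=").decode()
    return {"grant_type": SAML2_BEARER, "assertion": encoded}

def check_assertion(form: dict, token_endpoint: str, now: datetime) -> list:
    """Authorization-server side (RFC 7522 section 3): return the failed processing
    rules; an empty list means the grant may be honoured. The mandatory XML
    signature verification is omitted here because it needs the IdP's certificate."""
    if form.get("grant_type") != SAML2_BEARER:
        return ["grant_type is not saml2-bearer"]
    raw = form["assertion"]
    root = ET.fromstring(base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)))
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["assertion parameter is not a single saml:Assertion"]
    failures = []
    if root.find("saml:Issuer", NS) is None:
        failures.append("missing Issuer")
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if token_endpoint not in audiences:  # the AS must be a named audience
        failures.append("Audience does not identify this authorization server")
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    data = conf.find("saml:SubjectConfirmationData", NS) if conf is not None else None
    if conf is None or conf.get("Method") != BEARER_METHOD or data is None:
        return failures + ["no bearer SubjectConfirmation"]
    if data.get("Recipient") != token_endpoint:  # assertion was minted for another endpoint
        failures.append("Recipient does not match the token endpoint")
    exp = data.get("NotOnOrAfter")
    if exp is None or now >= datetime.strptime(exp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc):
        failures.append("missing or expired NotOnOrAfter")
    return failures
```

A production authorization server additionally verifies the signature against the trusted IdP's certificate and tracks assertion IDs so the same bearer assertion cannot be replayed for a second token.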