SAML Bearer Assertion Flow - how to setup Keycloak to issue tokens based on SAML assertion

Hello All,

I am struggling to find documentation or advice describing usage of SAML Bearer Assertion Flow with Keycloak. The grant type grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer. Alternatively, any information on configuring Token Exchange with Keycloak would be appreciated, as the flow seems similar enough (while rules of tusting the 3rd party token are surely different).

I would like Keycloak to verify presented SAML assertion in the OIDC / Oauth2 token endpoint, and issue corresponding access / id tokens, for the user the assertion was issued for. Any example workign configuration highly appreciated.



If I take a look on supported grant types in the introspection, saml2-bearer is not there. Is it even supported somehow?

I am looking for something similar, I have a angular client secured with SAML using a REST service, I would need to get the tokens to be able to authenticate against the REST based on the SAML assertion.

Any of you found the solution to this?
Would be greatly appreciated.