Get SAML Tokens via API

Overview

This article explains whether it is possible to receive a SAML response by making an API call from a server without involving a browser.

Solution

This is not possible. The SAML protocol is designed for browser-based logins and cannot be used for machine-to-machine scenarios, such as calling an API endpoint to generate a response. If the server requires a SAML response, you will need to perform a browser-based flow. For example, the backend can issue a redirect to the browser to initiate the login.

The general recommendation for machine-to-machine authentication is the Client Credentials flow in the OAuth 2.0 protocol. This flow is designed to be used by servers to generate tokens without the involvement of a human user or a browser. More on that here: Client Credentials Flow

Note: Client Credentials is an OAuth 2.0 flow that can only generate Access Tokens, not SAML responses.
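The Client Credentials exchange recommended above, as an added example (not code from the original article): a server posts directly to the OAuth 2.0 token endpoint with no browser and no user, and only an access token can come back, never a SAML response. The token URL, client id and secret are supplied by the caller and are assumed placeholders here.

```python
"""Client Credentials grant (RFC 6749 section 4.4): a server obtains an
access token from the token endpoint with no browser and no user.
Added example, not from the original article; the token URL, client id
and secret passed in are placeholders chosen by the caller."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

def build_client_credentials_request(token_url, client_id, client_secret, scope=None):
    """Return (url, headers, body) for a client_credentials token request.
    The client authenticates with HTTP Basic (RFC 6749 section 2.3.1): id and
    secret are form-urlencoded before being joined and base64-encoded."""
    creds = (urllib.parse.quote(client_id, safe="") + ":"
             + urllib.parse.quote(client_secret, safe=""))
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    return token_url, headers, urllib.parse.urlencode(form).encode()

def parse_token_response(status, body_text):
    """Return (access_token, expires_in) or raise on an OAuth error body.
    Only an OAuth 2.0 access token can come back here, never a SAML response."""
    payload = json.loads(body_text)
    if status != 200 or "error" in payload:
        raise RuntimeError("token request failed: %s %s" % (
            payload.get("error", status), payload.get("error_description", "")))
    if payload.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token_type %r" % payload.get("token_type"))
    return payload["access_token"], int(payload.get("expires_in", 0))

def fetch_access_token(token_url, client_id, client_secret, scope=None):
    """Send the request over the network; not exercised offline."""
    url, headers, body = build_client_credentials_request(
        token_url, client_id, client_secret, scope)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # 4xx/5xx carries the OAuth error JSON
        return parse_token_response(err.code, err.read().decode())
```

Keep the client secret out of the request body and out of logs; sending it only in the Basic header, as above, is the form the specification prefers.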