SAML Bearer Assertion flow


We are looking into the possibility of implementing the SAML Bearer Assertion flow within our app. The basic proposed structure we are after would be:

  • A user navigates to the home page of the app to log on
  • The user is redirected to the identity provider (Auth0 for example)
  • The user logs in with the identity provider, a SAML assertion is returned and authenticated by the app to allow an SSO
  • Once the app has allowed the user to log on we would like to use the SAML assertion received from the identity provider in the SAML Bearer Assertion flow to exchange it for an access token to give access to another service provider

Is this proposed structure possible with the SAML Bearer assertion flow, and if so is there any documentation on how to successfully exchange a SAML Assertion for an access token?
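
The exchange in the last step is the OAuth 2.0 SAML 2.0 bearer grant defined in RFC 7522. As an added example (not part of the original post), this Python code pre-checks the conditions RFC 7522 places on the assertion and builds the token request body. The hosts, the sample assertion and the function names are constructed for illustration, and signature verification is assumed to be done by the app's SAML library.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # RFC 7522
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample (unsigned, hypothetical hosts); a real assertion carries a ds:Signature.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
<saml:Issuer>https://idp.example.test</saml:Issuer>
<saml:Subject><saml:NameID>alice@example.test</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient="https://as.example.test/token" NotOnOrAfter="2030-01-01T00:05:00Z"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
<saml:Audience>https://as.example.test</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

def precheck(xml_text, as_audience, token_url, now):
    """Return the reasons an RFC 7522 authorization server would reject the assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if as_audience not in audiences:
        problems.append("audience does not name the authorization server")
    confirmed = False
    for sc in root.iterfind(".//saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None:
            continue
        # A missing NotOnOrAfter is treated as already expired.
        raw = data.get("NotOnOrAfter", "1970-01-01T00:00:00Z")
        expiry = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        confirmed = confirmed or (data.get("Recipient") == token_url and now < expiry)
    if not confirmed:
        problems.append("no unexpired bearer confirmation for the token endpoint")
    return problems

def token_request_body(xml_text, scope=None):
    """Form body for the token endpoint: base64url assertion, no '=' padding."""
    b64 = base64.urlsafe_b64encode(xml_text.encode()).decode().rstrip("=")
    params = {"grant_type": GRANT_TYPE, "assertion": b64}
    if scope:
        params["scope"] = scope
    return urlencode(params)

if __name__ == "__main__":
    print(precheck(SAMPLE, "https://as.example.test", "https://as.example.test/token", datetime.now(timezone.utc)))
```

An assertion issued only for the app's own SSO typically names the app as its audience and recipient, so it fails both checks; the identity provider has to issue one addressed to the authorization server's token endpoint.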