Hi Mohib,
Good question :-) I'm not 100% sure if we need to.
- Developing a product that's using OAUTH2 for authz (with Gluu being the Authn/Authz server - probably using OIDC).
- Have customers that require SAML2 integration
- Want to harmonise the application development so that internally we're only developing against OAUTH2 authn.
- So the idea is, take a signed SAML2 assertion, and via the OAUTH2 saml-bearer function, exchange for a valid OAUTH2 access token.
In our case, our "application" is actually comprised of multiple frameworks - Spring and NodeJS, so implementing split SAML2/OAUTH is potentially doubly costly. From this perspective collapsing the functionality into Gluu would allow us to focus solely on OAUTH2 in the future, whilst maintaining enterprise IDM interoperability.
Does that make sense?
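
The exchange described in the post above (a signed SAML2 assertion traded for an OAuth2 access token), sketched as an added example that is not part of the original message or of Gluu's code. It assumes the authorization server implements the RFC 7522 SAML 2.0 bearer grant; the URLs, the sample assertion, the `saml:` prefix and the function names are constructed for illustration.

```javascript
// Client side of the RFC 7522 grant: pre-flight the assertion, then build the
// token request. Signature validation is the authorization server's (AS) job.
const GRANT_TYPE = 'urn:ietf:params:oauth:grant-type:saml2-bearer';
const BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';

// Constructed sample assertion (ds:Signature omitted; a real one is signed by the IdP).
const SAMPLE_ASSERTION = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
<saml:Issuer>https://idp.customer.example</saml:Issuer>
<saml:Subject><saml:NameID>alice@customer.example</saml:NameID>
<saml:SubjectConfirmation Method="${BEARER}">
<saml:SubjectConfirmationData Recipient="https://as.example/oauth2/token" NotOnOrAfter="2030-01-01T00:05:00Z"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://as.example</saml:Audience></saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>`;

// Checks the AS will also make, run early so a bad assertion never leaves the
// application. Regex-based and prefix-dependent: a convenience, not a validator.
function preflight(xml, { tokenEndpoint, audience, now }) {
  const problems = [];
  const conf = xml.match(/<saml:SubjectConfirmation\s+Method="([^"]+)"/);
  if (!conf || conf[1] !== BEARER) problems.push('no bearer SubjectConfirmation');
  const recipient = xml.match(/Recipient="([^"]+)"/);
  if (!recipient || recipient[1] !== tokenEndpoint) problems.push('Recipient is not the token endpoint');
  const aud = xml.match(/<saml:Audience>([^<]+)<\/saml:Audience>/);
  if (!aud || aud[1] !== audience) problems.push('Audience does not name the authorization server');
  const exp = xml.match(/NotOnOrAfter="([^"]+)"/);
  if (!exp || !(Date.parse(exp[1]) > now.getTime())) problems.push('assertion expired or has no NotOnOrAfter');
  return problems;
}

// Returns the POST the Spring or NodeJS service would send to the token endpoint.
function buildTokenRequest(xml, opts) {
  const problems = preflight(xml, opts);
  if (problems.length) throw new Error('assertion rejected: ' + problems.join('; '));
  const body = new URLSearchParams({
    grant_type: GRANT_TYPE,
    assertion: Buffer.from(xml, 'utf8').toString('base64url'), // RFC 7522: base64url-encoded
    scope: opts.scope,
  });
  return {
    url: opts.tokenEndpoint,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}
```
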