Genesys Cloud - Main

  • 1.  OAuth SAML2 Bearer Authentication(Okta)

    Posted 05-23-2023 12:58

    Hi,

    I'm having trouble with the SAML2Bearer authentication method.

    I'm trying to perform SAML2Bearer authentication and retrieve an access token, but I'm unable to do so even after referring to this link (https://developer.genesys.cloud/authorization/platform-auth/use-saml2-bearer).
    I'm using Okta as the IdP, and GenesysCloud is registered with Okta. I have also registered the integration details between Okta and GenesysCloud, and I have confirmed that login through SSO is possible.

    Objective:
    I want to use the SAML2Bearer authentication method provided by GenesysCloud and obtain an access token.

    Questions:
    I would like to know how to obtain the assertion information, which is a parameter for SAML2Bearer, as mentioned in the above link.
    grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&assertion=

    What I have investigated and done:

    1. I generated a SamlRequest for GenesysCloud and sent it to Okta, but I received an error.
    When I created a separate SP and registered it with Okta, I was able to receive the SamlResponse (assertion) successfully.

    2. I obtained the source code from the following GitHub repository and executed it, but I couldn't retrieve the assertion.
    GitHub - MyPureCloud/saml2bearer-oauth-example

    3. I tried sending a SAML2Bearer authentication request to https://login.mypurecloud.jp/oauth/token using the assertion returned from the custom SP in step 1 as a parameter, but it resulted in an error. I also made sure to encode it in Base64.

    4. When I send the SamlResponse assertion, which is issued when clicking on the Okta image link on the GenesysCloud login page, to https://login.mypurecloud.jp/oauth/token, I receive a 400 error with "error": "invalid_request".

    Best Regards,


    #Integrations
    #Security

    ------------------------------
    NagaiMakoto
    Itochu Techno-Solutions Corporation(CTC)
    ------------------------------


  • 2.  RE: OAuth SAML2 Bearer Authentication(Okta)

    Posted 08-06-2023 21:33

    NagaiMakoto,

    Are you trying to use this to get a token for a Data Action or for SSO/SAML? I would suggest you use the Okta integration natively rather than using the SAML with Okta. LMK.



    ------------------------------
    Robert Wakefield-Carl
    ttec Digital
    Sr. Director - Innovation Architects
    Robert.WC@ttecdigital.com
    https://www.ttecDigital.com
    https://RobertWC.Blogspot.com
    ------------------------------
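
Added example (not part of the thread, and not Genesys or Okta code): RFC 7522, which defines the `saml2-bearer` grant type quoted in the first post, requires the `assertion` parameter to be a single SAML 2.0 Assertion, base64url-encoded, with a bearer subject confirmation whose Recipient is the token endpoint. The Python below checks a decoded assertion against those rules and builds the form body. The sample XML, the `login.example` and `idp.example` URLs and the function names are constructed for illustration, and anything the Genesys endpoint requires beyond RFC 7522 (client authentication, extra parameters) is not shown.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET  # fine for your own IdP's output; not hardened for untrusted XML
from datetime import datetime

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# Constructed sample (not real IdP output); hosts and IDs are placeholders.
SAMPLE_ASSERTION = (
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">'
    b'<saml:Issuer>https://idp.example/constructed</saml:Issuer>'
    b'<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
    b'<saml:SubjectConfirmationData Recipient="https://login.example/oauth/token"'
    b' NotOnOrAfter="2023-05-23T04:03:00Z"/></saml:SubjectConfirmation></saml:Subject>'
    b'<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://login.example/sp'
    b'</saml:Audience></saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
)
SAMPLE_RESPONSE = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
                   + SAMPLE_ASSERTION + b"</samlp:Response>")

def inspect_assertion(xml_bytes, token_url, now):
    """List RFC 7522 problems in a decoded assertion. Does NOT verify the signature."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAML}}}Assertion":
        return ["root element is not saml:Assertion (whole samlp:Response passed?)"]
    problems = []
    if root.find("saml:Issuer", NS) is None:
        problems.append("missing Issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.find("saml:AudienceRestriction/saml:Audience", NS) is None:
        problems.append("missing Audience")
    data = root.find(f".//saml:SubjectConfirmation[@Method='{BEARER}']/saml:SubjectConfirmationData", NS)
    if data is None:
        # Simplification: RFC 7522 lets this element be omitted when Conditions carries the expiry.
        return problems + ["no bearer SubjectConfirmationData"]
    if data.get("Recipient") != token_url:
        problems.append(f"Recipient is {data.get('Recipient')!r}, expected {token_url!r}")
    expiry = data.get("NotOnOrAfter") or (cond.get("NotOnOrAfter") if cond is not None else None)
    if expiry is None or datetime.fromisoformat(expiry.replace("Z", "+00:00")) <= now:
        problems.append(f"NotOnOrAfter {expiry} is missing or already past")
    return problems

def build_token_body(assertion_xml):
    """Form body with the assertion base64url-encoded, as RFC 7522 section 2.1 requires."""
    b64 = base64.urlsafe_b64encode(assertion_xml).decode("ascii")
    return urllib.parse.urlencode({"grant_type": GRANT, "assertion": b64})
```

Pass the assertion bytes exactly as the IdP issued them: parsing and re-serializing the XML changes the bytes the signature covers.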


