We have a legacy application which uses the Windows Identity Framework, written around 2010-2011. Users authenticate by logging into a client portal, which then sends a saml token to our application.
We are updating the application to a services model, using webAPI 2.0/Owin/Identity 2.0 for security. Looks like bearer tokens are similar in concept to SAML, but not the same.
The client is very sensitive about changing his portal. Is there any way to consume SAML in a webAPI application?
thanks in advance