Web access management using OAuth2 and SAML – WAM 2.0
1. Web Access Management (“WAM”) using open source SAML and OAuth2 software
It is getting harder every day to manage inbound SAML-authenticated users while
maintaining SSO and central entitlement management for internal websites, SaaS
platforms and mobile applications.
The diagram above illustrates a concept for centralizing Web access management using a
UMA Authorization Server ("AS"), where the person authenticates at a SAML IDP. In this
case, the UMA Resource Server ("RS") and the UMA Relying Party ("RP") are consolidated.
The RP sends the user claims obtained via SAML, together with the UMA request, to the AS,
which authorizes the token (in this case, the RPT token…) for a given scope. In this
arrangement the combined RS-RP plays a role similar to a CA SiteMinder agent. This works
only because the same domain controls both the IDP (in this case the Asimba proxy) and
the RPs.
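To make the flow concrete, the following is an added example (not code from the original post or from Gluu) that models the AS deciding which scopes to grant from SAML-derived claims, and the combined RS-RP enforcing the resulting RPT. The scope policy, the HMAC-signed RPT format, the shared signing key and the claims are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed AS policy: each (resource_id, scope) maps to a predicate over
# the SAML-derived claims that the RP forwards with the UMA request.
POLICY = {
    ("payroll-api", "read"):  lambda c: "employees" in c.get("groups", []),
    ("payroll-api", "write"): lambda c: "payroll-admins" in c.get("groups", []),
}
AS_KEY = b"constructed-as-signing-key"  # shared by AS and RS here for brevity

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_rpt(resource_id, requested_scopes, claims, now=None):
    """AS: grant only the scopes whose policy the forwarded claims satisfy.
    Returns (rpt, granted_scopes); rpt is None when nothing was granted."""
    granted = [s for s in requested_scopes
               if POLICY.get((resource_id, s), lambda c: False)(claims)]
    if not granted:
        return None, []
    payload = {"sub": claims["sub"], "resource": resource_id, "scopes": granted,
               "exp": int(now or time.time()) + 600}
    body = b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}", granted

def rs_authorize(rpt, resource_id, scope, now=None):
    """Combined RS-RP: verify the RPT signature, expiry, resource and scope."""
    try:
        body, sig = rpt.split(".")
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(AS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    pad = "=" * (-len(body) % 4)
    payload = json.loads(base64.urlsafe_b64decode(body + pad))
    if payload["exp"] <= int(now or time.time()):
        return False
    return payload["resource"] == resource_id and scope in payload["scopes"]

# Constructed SAML-derived claims, as the RP would receive them from the IDP
SAML_CLAIMS = {"sub": "alice@example.com", "groups": ["employees"]}

if __name__ == "__main__":
    rpt, granted = issue_rpt("payroll-api", ["read", "write"], SAML_CLAIMS)
    print(granted)  # ['read']: write is denied by policy
    print(rs_authorize(rpt, "payroll-api", "read"),
          rs_authorize(rpt, "payroll-api", "write"))
```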
2. Note that in many cases you may not want the RS to act as the RP. For example, if the
Apache2 server is an API hub and the client is a mobile app, you want the RP to be the
mobile app, which has the connection to the person. There was some discussion of this,
if you are the type of person who likes to read sequence diagrams.
Article resource: http://gluu.webs.com/apps/blog/show/42374398-web-access-management-using-oauth2-and-saml-wam-2-0