OAuth 2.0 or SAML 2.0 to UI5 via Service Mediation Layer

Dear all

I am interested to gauge opinion and experience on the following scenario.

The key components are:

• on Premise SAPUI5 application running on Gateway NW level 7.3 SP08 (intranet based)
• On Premise SML (Apigee)  process intranet requests to and from Apigee Cloud
• Cloud based SML (Apigee) process internet requests to and from Apigee on Premise
• Internet based Identity Provider
• Reverse proxy server to faciliate requests in DMZ

Want to access UI5 application from internet via SML with identity federation with external identity provider.

SML is being used so that the Gateway server is not exposed directly to DMZ by exposing HTTPS port.

My question is do we use OAuth 2,0 with SBA to access the SAPUI5 application as per the following link

Using OAuth 2.0 from a Web Application with SAML Bearer Assertion Flow - Security and Identity Management - SCN Wiki

or a SAML 2.0 only solution as NW 7.3 SP08 is capable of both?

Any practical examples will be appreciated

Many thanks

Mike