
SSO using Identity Server with SAML 2 with other I

Posted 2020-07-18 12:03

Question:

I implemented authentication and authorization using Identity Server 4 with OIDC to allow clients accessing our application to get the necessary tokens to access our resource server (web APIs). This is the current architecture:

  • Identity Server 4 using my custom DB to authenticate users
  • Resource APIs (ASP.NET Core)
  • Angular 2 front end

I need to implement SSO, where users from other systems will pass SAML2 assertions from their identity providers to allow them to access our resource APIs without logging in to our application.

I have some confusion about where this step will happen and what the workflow will be. Will our identity server be involved in this process, and how do I implement that using Identity Server 4?

Answer 1:

Right now there is no SAML2 support for ASP.NET Core.

If you are using IdentityServer3, you can act as a SAML2 SP via the Kentor authentication middleware. This is not available for ASP.NET Core yet.

Generally speaking - you cannot use SAML2 to secure APIs - it is a protocol for web-based SSO - not API access.