Are you aware that the SAML token is bound to the user? This means that only the users browser can do rest calls straight to the rest service and authenticate itself using the SAML token.
If you want to do a rest call from the Mendix business server to a rest service, this is server to server communication. The Mendix business server needs its own username/password or certificate for example to authenticate itself.