2
votes

First, I am new to ADFS. The goal is Single-Sign-On OAuth2 authentication for an SPA web application.

We have two on-premises ADFS servers (called Server-A and Server-B), which are running on two different domains respectively (A, B). Users can be from either domain (A, B) and they can log in to my application.

These two ADFS servers trust each other: the ADFS of Server-B has been added on the ADFS of Server-A as a claims provider trust, and the ADFS of Server-A has been added on the ADFS of Server-B as a relying party trust. My application's endpoint is the ADFS of Server-A, and my application is hosted on IIS inside Server-A.

Now, when any user of domain A tries to log in to my application, I get both the "access_token" and the "Claims".

PROBLEM: When any user of domain B tries to log in, I get the error message below:

(Image: error message while a user of domain B tries to log in.)

Basically, step #7 in this image is failing.

I am using the JavaScript code below to get the code and the token.

Code to get the "Authorization code":

function getAuthorizationCode() {
    // _adfs_server, _client_id, _redirect_url and _resource are page globals; _redirect_url is kept URL-encoded (it is decoded again below)
    var _url = _adfs_server + "/adfs/oauth2/authorize?response_type=code&client_id=" + _client_id +
        "&redirect_uri=" + _redirect_url + "&resource=" + _resource;
    window.location.href = _url; // browser is sent to ADFS; the code comes back in the redirect_uri query string
}

With the code snippet above, I get the "Authorization code" from the query string of the "Redirected URL". After that, I call the code below to get the access token:

function getAccessToken(code) {
    // redirect_uri must match the value sent in the authorize request, so decode the stored encoded value
    var redirect = decodeURIComponent(_redirect_url);
    var _data = {
        'grant_type': 'authorization_code',
        'client_id': _client_id,
        'redirect_uri': redirect,
        'code': code
    };
    // jQuery posts _data as application/x-www-form-urlencoded, which the token endpoint expects
    $.ajax({
        type: "POST",
        url: _adfs_server + "/adfs/oauth2/token",
        crossDomain: true,
        data: _data,
        success: function (response) {
            _token = 'Bearer ' + response.access_token; // used as the Authorization header for the Web API
            callWebAPI();
        }
    });
}

So is some configuration between the two ADFS servers missing, or are there other steps I need to do?

1
Would you please share how you got the ADFS token? Thank you. Imen

1 Answer

1
votes

What version of ADFS are you using?

You talk about OAuth but that's only available on Server 2012 R2 (ADFS v3.0). And even then, it has limited functionality.

The CP / RP trusts you mention above are for WS-Fed. They are N/A for OAuth.

Also OAuth uses a JSON token not a SAML one.