Spring Oauth2 using ADFS Authorization Provider

2
votes

I was given a spike to figure out how to use ADFS 3.0 Oauth2 as the authorization provider for a spring application. I have been able to get it to work by using the Spring Oauth2 example then basically hacking a UserInfoTokenServices by creating a JWT parser to extract the authorization out of it.

https://spring.io/guides/tutorials/spring-boot-oauth2/

Spring Boot oauth2: How to set the resource parameter in the authorization request to make adfs happy?

How to configure spring boot security OAuth2 for ADFS?

Is there a reason why using ADFS Oauth2 and Spring Oauth2 hasn't been developed together yet? Am I missing something? Is this taboo? If not is there a better way?

1
javaspring-bootspring-securityspring-oauth2adfs3.0
Hi @millsofmn, I'm working in some similar, What was the result of your spike?Ignacio Ocampo
@IgnacioOcampo I haven't figured out if it's taboo or not but I just went with it so my application is using spring security and authenticating against Oauth2 fro ADFSmillsofmn

1 Answers

0
votes

I think that initially Spring Securityt oAuth2 was not designed to work with ADFS server. The proper Java security engine that will easily resolve your problem is Pac4J and here there is a Spring Security Pac4j library that helps you to integrate your application with OAuth - SAML (ADFS) - CAS - OpenID Connect - HTTP - OpenID - Google App Engine - Kerberos - LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API.

Here you can find great demo that will show you some authentication mechanisms that can be simply develoiped using Pac4j.