0 votes

While building a mobile application in Xamarin I ran into an issue with authentication through ADFS. I'm running AD and ADFS on a VPS and I want the mobile app to authenticate through there to access a Web Api. I have the Active Directory Authentication Library (ADAL) installed in the app and it seems to be working fine when I use https://login.windows.net/common as the authority.

But when I try to use my own domain https://www.example.com/adfs as the authority the ADAL request always returns "The authorization server returned an invalid response."

I tried doing a manual request through my browser like this:

https://www.example.com/adfs/oauth2/authorize?response_type=code&client_id=xxxxxxx&redirect_uri=xxxxxx&resource=xxxxxxxx

This request works fine as it shows me the login page, but after a successful login it redirects to the redirect uri with a general error message. I had to go to the server's ADFS logs to find the following error: "Unsupported token type."

Am I missing something in the ADFS configuration or ADAL implementation?

1
What version of ADFS are you using? How have you configured the RP on the ADFS side? – rbrayb

I'm using ADFS 3.0 and everything is configured as default, the RP has both WS-Federation and SAML endpoints added. – ExplodingSoap

1 Answer

1 vote

ADAL uses OAuth not WS-Fed or SAML.

ADFS 3.0 has very limited OAuth support - for full support you need ADFS 4.0.

This article describes what you need to do.

https://login.windows.net/common is Azure AD and has full support and hence works.

Note that you need to use PowerShell to configure the RP as per the article.
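As an added illustration of the PowerShell-side setup the answer refers to (this is not the answerer's code or the linked article's), the following registers the Web API as a relying party and the mobile app as an OAuth client on ADFS 3.0, then verifies both. The client id, redirect URI and API identifier are placeholders; the key point is that the RP identifier must equal the `resource` value and the registered redirect URI must match the `redirect_uri` in the authorize request exactly.

```powershell
# Added example, not from the question, answer, or linked article.
# Registers an OAuth 2.0 client and the Web API relying party on
# ADFS 3.0 (Windows Server 2012 R2) so that a request to
# /adfs/oauth2/authorize?response_type=code&client_id=...&redirect_uri=...&resource=...
# is accepted. ADFS 3.0 only supports the authorization code grant for
# public clients, so no client secret is registered here.
Import-Module ADFS

$clientId    = 'PLACEHOLDER-CLIENT-ID'      # placeholder: value the app sends as client_id
$redirectUri = 'myapp://auth/callback'      # placeholder: must match redirect_uri exactly
$apiId       = 'https://api.example.com/'   # placeholder: value the app sends as resource

# 1. The Web API is a relying party; its identifier is what ADAL passes as 'resource'.
#    The authorization rule permits all authenticated users; the transform rule
#    passes the UPN claim through into the issued token.
Add-AdfsRelyingPartyTrust -Name 'Example Web API' `
    -Identifier $apiId `
    -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");' `
    -IssuanceTransformRules 'c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c);'

# 2. Register the mobile app as an OAuth client; ADFS rejects unknown client_id values.
Add-AdfsClient -Name 'Example Mobile App' -ClientId $clientId -RedirectUri $redirectUri

# 3. Verify: the client, the RP trust and the OAuth2 endpoint should all be present
#    (and the endpoint enabled) before testing from the app.
Get-AdfsClient -ClientId $clientId
Get-AdfsRelyingPartyTrust -Identifier $apiId
Get-AdfsEndpoint | Where-Object { $_.AddressPath -like '*oauth2*' }
```

Run this in an elevated PowerShell session on the ADFS server; if the OAuth2 endpoint shows as disabled, it has to be enabled before the authorize request will be served.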