I have the following setup:
- We have an ADFS 4.0 (Windows Server 2016) running.
- The customer has ADFS 3.0 (Windows Server 2012 R2), configured as a claims provider trust with our ADFS.
- The customer's ADFS has the following claim rules configured for the relying party trust (on their ADFS):
I have configured the same claim rules for the Application Group Web API application as "Pass through or filter an incoming claim", adding all scopes.
I am using the openid-connect "Authorization code flow" using something like
https://{sts_token_service}/adfs/oauth2/authorize/?response_type=code&client_id={client_id}&redirect_uri={uri}/&scope=openid+profile+allatclaims+email+user_impersonation&nonce=nonce
AND
https://{sts_token_service}/adfs/oauth2/token/
?grant_type=authorization_code
&code={code}
&resource={resource}
&client_id={client_id}&redirect_uri={uri}
&scope=openid+profile+allatclaims+email+user_impersonation
I am getting a valid access token just fine, which can be used to access the protected API, but I really need the claims as well, and I only get upn, not the others.
Any help will be appreciated.
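As an added example (not code from the original post), the following Python script reproduces the two requests described above, the authorize redirect and the authorization-code exchange, and then inspects a token's payload to report which of the requested claims are actually present. All endpoints, client ids and the sample token are constructed placeholders; the claim names to check (`upn`, `email`, `given_name`) are assumptions about what the `profile` and `email` scopes are expected to yield, and the token is only decoded, not signature-verified, because the point is to diagnose which claims the STS issued.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders; replace with the real STS, client and redirect values.
STS = "https://sts.example.invalid"
CLIENT_ID = "client-id-placeholder"
REDIRECT_URI = "https://app.example.invalid/"
RESOURCE = "https://api.example.invalid"
SCOPE = "openid profile allatclaims email user_impersonation"


def build_authorize_url(sts=STS, client_id=CLIENT_ID, redirect_uri=REDIRECT_URI,
                        scope=SCOPE, nonce="nonce-placeholder", state="state-placeholder"):
    """Step 1: the browser redirect that starts the authorization code flow.
    urlencode() joins the space-separated scopes with '+', as in the post."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "nonce": nonce,   # bound to the id_token to detect replay
        "state": state,   # bound to the browser session to detect CSRF on the redirect
    }
    return f"{sts}/adfs/oauth2/authorize/?{urlencode(params)}"


def build_token_request(code, sts=STS, client_id=CLIENT_ID, redirect_uri=REDIRECT_URI,
                        resource=RESOURCE, scope=SCOPE):
    """Step 2: the back-channel POST that exchanges the code for tokens.
    Returns (url, form_body) so the caller can send it with any HTTP client."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "resource": resource,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
    }
    return f"{sts}/adfs/oauth2/token/", body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Return the JWT payload as a dict. No signature check: this is for
    inspecting what the STS issued, not for trusting the token."""
    header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def missing_claims(claims, expected):
    """Which of the claims we asked for (via scopes / pass-through rules) are absent."""
    return sorted(name for name in expected if name not in claims)


def make_unsigned_jwt(payload):
    """Build a constructed, unsigned sample token so the script runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj, separators=(",", ":")).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample mirroring the symptom in the post: only upn comes through.
SAMPLE_TOKEN = make_unsigned_jwt({
    "aud": RESOURCE, "iss": f"{STS}/adfs", "upn": "user@example.invalid",
})
EXPECTED_CLAIMS = ["upn", "email", "given_name"]  # assumption: what profile+email should yield


if __name__ == "__main__":
    print(build_authorize_url())
    url, body = build_token_request("code-placeholder")
    print(url, body)
    claims = decode_jwt_claims(SAMPLE_TOKEN)
    print("present:", sorted(claims), "missing:", missing_claims(claims, EXPECTED_CLAIMS))
```

Run the decode step against the real access token and the id_token separately: ADFS issues claims per relying party, so comparing which claims each token carries narrows the problem to either the claims provider trust rules or the Web API application's pass-through rules.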