0
votes
  1. I have an Angular application (e.g. https://localhost:44301) that is using a Web API (e.g. https://localhost:44302) to interact with data.
  2. I have an Identity Server 4 (e.g. https://localhost:44303) for authentication, in which we have even configured external login with Azure AD.
  3. Our architecture is something like below:


  4. Now I want to add ADFS 3.0 (even ADFS 4.0, i.e. multiple ADFS) as an external login provider.
  5. So as per my research I have to go for only OAuth 2.0 with Authorization Code Grant.

    ref: https://github.com/nordvall/TokenClient/wiki/OAuth-2-in-ADFS

  6. For that, what type of configuration should I add into the ADFS server? I am mainly confused about:

    • what should I add as the relying party trust identifier?
    • what should I use as the resource in the authorization request?
    • what configuration is needed for custom claims?
rbrayb: You mean you want to add ADFS as an external IDP to idsrv4?
Gopal Zadafiya: Correct, I want to implement the same.

1 Answer

0
votes

There are three ways you can do this.

You can add ADFS via:

  • SAML 2
  • WS Fed
  • OpenID Connect

So:

  • SAML - or you could use the Rock Solid Knowledge stack described in that blog
  • WS-Fed - use the built-in ASP.NET Core SP option
  • OIDC is doable, but rather go with the above

In both these cases, ADFS is a CP to idsrv4. idsrv4 is an SP to ADFS.

If you go with OIDC, it's an application group.
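As an added example (not code from the question or the answer author), the following IdentityServer4 `Startup` registers ADFS as an external provider both ways the answer names: WS-Federation via the built-in ASP.NET Core handler, where idsrv4 is the SP and ADFS the CP, and OpenID Connect against an ADFS application group. The ADFS host `adfs.example.com`, the realm, client id, callback paths and the `Config` class are assumptions.

```csharp
// Added example: ADFS as an external IdP in an IdentityServer4 host.
// Assumed: ADFS at https://adfs.example.com, NuGet packages
// Microsoft.AspNetCore.Authentication.WsFederation and
// Microsoft.AspNetCore.Authentication.OpenIdConnect, and an existing
// idsrv4 configuration class named Config (client/resource setup omitted).
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddInMemoryClients(Config.Clients)                      // assumed
            .AddInMemoryIdentityResources(Config.IdentityResources); // assumed

        services.AddAuthentication()
            // Option 1: WS-Federation. ADFS is the claims provider (CP); idsrv4 is
            // the relying party (SP). Wtrealm must match the relying party trust
            // identifier configured on the ADFS side.
            .AddWsFederation("adfs-wsfed", "ADFS (WS-Fed)", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.MetadataAddress =
                    "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml";
                options.Wtrealm = "https://localhost:44303/";   // RP trust identifier (assumed)
                options.RequireHttpsMetadata = true;             // never fetch metadata over plain HTTP
                options.CallbackPath = "/signin-wsfed-adfs";     // assumed; must match ADFS endpoint config
            })
            // Option 2: OpenID Connect against an ADFS application group.
            .AddOpenIdConnect("adfs-oidc", "ADFS (OIDC)", options =>
            {
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.Authority = "https://adfs.example.com/adfs"; // discovery document lives under /adfs
                options.ClientId = "<client id from the ADFS application group>";   // placeholder
                options.ClientSecret = "<client secret>";   // placeholder; load from a secret store
                options.ResponseType = OpenIdConnectResponseType.Code; // code grant, not implicit
                options.UsePkce = true;                                // bind the code to this client
                options.RequireHttpsMetadata = true;
                options.CallbackPath = "/signin-oidc-adfs";            // assumed redirect URI
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.NameClaimType = "name"; // claim mapping, adjust per ADFS rules
            });
    }
}
```

Whichever option is used, the external sign-in lands in idsrv4's external cookie, and the usual external-callback controller then maps the ADFS claims to a local user before issuing idsrv4's own tokens.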