ADFS/Web Api/Angularjs with Single Signon

Question

Anybody know how to use ADFS, Web Api 2 and Angularjs together to achieve single sign-on inside the same domain? I created a ASP.NET Project with MVC template (.Net 4.5) and setup as on-permises org. authentication integrated with ADFS, I got everything working (successful login). My main question is, How do I get jwt token from API in angularjs ? After I did the research, it looks like it's impossible to do single signon without using MVC controller as a middle guy, so I can get the token from ADFS and then I can parse the jwt and get the information I am looking for (claims)? How do I get the token from MVC controller? any example? My current setup is Angularjs->MVC Controller->Web Api-> ADFS, any better suggestion? MVC Controller is really redundant, the only reason I need it, it's because to achieve single sign-on.

Answer 1

Now there is a way to issue JWTs directly from angular SPAs using Microsoft's ADAL library (refer to this sample for an example), so you don't need the MVC layer anymore.

This library is mainly used for Azure AD, but with some tweaking you can use it with ADFS, all you need to do is to fill the following values in the app.js file instead:

instance: 'https://{your-adfs-url}/', 
tenant: 'adfs', // this is always 'adfs'
clientId: 'Enter your client ID (as registered under ADFS) here e.g. e9a5a8b6-8af7-4719-9821-0deef255f68e',

On the ADFS side you need to register your apps under ADFS as an Application Group, for more info refer to this technet article.