Reputation: 5470
I am completely lost on this, any help would be appreciated.
When I click Login through my client app from AngularJS, I get redirected to:
https://adfs.dev5.local/adfs/oauth2/authorize?response_type=code&client_id=09c9a8a2-6bf1-427d-89ba-45c2c02bb9fc&resource=urn%3Awebapi%3Atest&redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F&state=52e4aa10-f082-4ee6-8823-543ec6e4dce4&client-request-id=e2751f34-f7db-41f4-8c1d-4463e2dca48b&x-client-SKU=Js&x-client-Ver=1.0.15&nonce=93039780-99f6-4efc-8b1b-58aa92df9f82
Which is fine and all; I am able to enter my email + password. Once I log in, I get redirected to:
https://localhost:44326/?code=OLCE2LJVeU2Zy2-7Q4oIMg.6Pr0vZgW1QhBAMQoUlgIKAdAsno.q4scWy_ZFQHQEz08M3gU3KJU4NhXdimZiMpgSGBQ8xKN8BLK0Qoe1m1cK5TA2WLLyA14SlnnfA4yHEp5_pTWrIOYNrvOVzNiGU0Zkie-7ae2D1_3U1E1rTmLUTprIadU4gLmo2CeMHkM8gumS285wKsRsMpXVLcavjgjyRM3XoWXSDSP96_eeMgq1osQ1M5170rrGOh_DVqKG-xYnKk5PEC7cWikaR_pxCvwvayLMV0VQIIyq1GJ3CvgK8sWFJGdY3jz247Bh8RPH9-t2_Jz3_7wyqvfvfquAY8tQxElEN1IEoPMOwVdjfBgNlZlw7vtAo79jdH1C_TRNUC5T3IrXw&state=52e4aa10-f082-4ee6-8823-543ec6e4dce4&client-request-id=e2751f34-f7db-41f4-8c1d-4463e2dca48b
This is where I am confused. I don't think it's supposed to redirect me to that... I know that I need to POST this somehow to get the token, but how? I used Postman and was able to get the access token, but what I don't understand is how my WebAPI translates this into an access token.
I am using ADFS 3.0 on Windows Server 2012 R2.
Setup ADFS:
Add-ADFSRelyingPartyTrust -Name MyWebAPI -Identifier urn:webapi:test -IssuanceAuthorizationRules '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");' -IssuanceTransformRules 'c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] => issue(claim = c);'
Add Client:
Add-ADFSClient -Name "client" -ClientId "09c9a8a2-6bf1-427d-89ba-45c2c02bb9fc" -RedirectUri "https://localhost:44326/"
Startup.Auth.cs:
app.UseActiveDirectoryFederationServicesBearerAuthentication(
    new ActiveDirectoryFederationServicesBearerAuthenticationOptions
    {
        // The token signing certificate is read from the ADFS federation metadata.
        MetadataEndpoint = "https://adfs.dev5.local/FederationMetadata/2007-06/federationmetadata.xml",
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            // Must equal the "aud" claim of the access token; ADFS sets that claim to the
            // relying party identifier that was requested via the "resource" parameter.
            ValidAudience = ConfigurationManager.AppSettings["ida:Audience"],
        }
    });
web.config for audience:
<appSettings>
<add key="ida:Audience" value="https://localhost:44326/" />
</appSettings>
AngularJS adal setup:
adalProvider.init(
    {
        instance: 'https://adfs.dev5.local/',
        tenant: 'adfs',
        clientId: '09c9a8a2-6bf1-427d-89ba-45c2c02bb9fc',
        redirectUri: 'https://localhost:44326/'
        // cacheLocation: 'localStorage', // enable this for IE, as sessionStorage does not work for localhost.
    },
    $httpProvider
);
Upvotes: 2
Views: 2201
Reputation: 46720
Have a look at these Postman samples.
You'll see I did each flow, but for ADFS 4.0, which has the full OpenID Connect / OAuth stack.
ADFS 3.0 only has auth. code grant for confidential clients.
Once you have the code from the authorize endpoint, you need to send it to the token endpoint to get the actual token.
There's a good example here.
Also be aware that JS clients normally use the implicit flow.
Upvotes: 2
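The code-for-token exchange the answer describes, written out as an added example (this is not code from the question, the answer, or ADAL). It takes the redirect URL ADFS sent the browser back to, checks the `state` parameter against the value the client generated before redirecting (a mismatch means the code was not issued for this login attempt and must be thrown away), and then builds the form-encoded POST to the ADFS 3.0 token endpoint `/adfs/oauth2/token`. The ADFS host, client ID and redirect URI are the ones from the question; the `send` callback is an assumption so the exchange can be driven by fetch, axios or a test stub, and the stub response at the bottom is constructed for the demo. `redirect_uri` must match the authorize request byte for byte, and the client created with `Add-ADFSClient` has no secret, so none is sent.

```javascript
// Added example: second half of the OAuth 2.0 authorization code grant
// against ADFS 3.0 (Windows Server 2012 R2). Runs offline under Node.js;
// the network call is injected via `send`.

const ADFS = 'https://adfs.dev5.local';                       // from the question
const CLIENT_ID = '09c9a8a2-6bf1-427d-89ba-45c2c02bb9fc';      // from the question
const REDIRECT_URI = 'https://localhost:44326/';              // from the question

// Step 1: parse the redirect back to the client and validate `state`.
// The state value is the only binding between the authorize request this
// client started and the code that came back, so a missing or different
// value is treated as an attack (CSRF / code injection), not as a glitch.
function parseAuthorizationResponse(redirectedTo, expectedState) {
  const params = new URL(redirectedTo).searchParams;
  if (params.has('error')) {
    const detail = params.get('error_description') || '';
    throw new Error(`authorization failed: ${params.get('error')} ${detail}`.trim());
  }
  const code = params.get('code');
  const state = params.get('state');
  if (!code) throw new Error('redirect carries no authorization code');
  if (!expectedState || state !== expectedState) {
    throw new Error('state mismatch: discarding authorization code');
  }
  return { code, state };
}

// Step 2: build the token request. ADFS 3.0 expects an
// application/x-www-form-urlencoded POST; `resource` was already bound to
// the code on the authorize request and is not repeated here.
function buildTokenRequest(code) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    code,
  });
  return {
    method: 'POST',
    url: `${ADFS}/adfs/oauth2/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Step 3: send the request and extract the bearer token from the JSON reply.
// `send(req)` (assumed interface) must resolve to { status, body }.
async function exchangeCode(redirectedTo, expectedState, send) {
  const { code } = parseAuthorizationResponse(redirectedTo, expectedState);
  const req = buildTokenRequest(code);
  const res = await send(req);
  if (res.status !== 200) {
    throw new Error(`token endpoint returned HTTP ${res.status}: ${res.body}`);
  }
  const json = JSON.parse(res.body);
  // token_type is case-insensitive per RFC 6749; ADFS returns "bearer".
  if (String(json.token_type).toLowerCase() !== 'bearer' ||
      typeof json.access_token !== 'string') {
    throw new Error('token endpoint did not return a bearer access token');
  }
  return { accessToken: json.access_token, expiresIn: json.expires_in };
}

// Stand-alone demo with a constructed stub in place of the real ADFS server.
// It only checks that the request has the shape ADFS expects.
function stubSend(req) {
  const ok = req.method === 'POST' &&
    req.url === `${ADFS}/adfs/oauth2/token` &&
    req.body.includes('grant_type=authorization_code') &&
    req.body.includes(`client_id=${CLIENT_ID}`);
  return ok
    ? { status: 200, body: JSON.stringify({ access_token: 'stub.jwt.value', token_type: 'bearer', expires_in: 3600 }) }
    : { status: 400, body: JSON.stringify({ error: 'invalid_request' }) };
}

const demoState = 'demo-state-1';                            // normally a random value
const demoRedirect = `${REDIRECT_URI}?code=STUBCODE&state=${demoState}`;
exchangeCode(demoRedirect, demoState, stubSend)
  .then(t => console.log('access token obtained, expires in', t.expiresIn, 's'))
  .catch(e => console.error(e.message));
```

In this setup the exchange belongs on the server that owns the redirect URI, not in the Angular code: the resulting access token is what the `Authorization: Bearer` header must carry to the WebAPI, and its `aud` claim is the relying party identifier that was requested as `resource`.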