
How to add OAuth2 protocol in ADFS

I tried to get a token from the ADFS server using Postman.

POST https://{adfs-domain}/adfs/oauth2/token


This is the response:

Error Detail: MSIS7065 :there are no registered protocol handlers on path /adfs/oauth2/token

The authorize request returns the same error.

I checked the configuration by requesting the discovery document at:

https://{adfs-domain}/adfs/well-known/openid-configuration.

JSON response:

{
    "issuer": "https://{adfs-domain}/adfs",
    "authorization_endpoint": "https://{adfs-domain}/adfs/oauth2/authorize/",
    "token_endpoint": "https://{adfs-domain}/adfs/oauth2/token/",
    "jwks_uri": "https://{adfs-domain}/adfs/discovery/keys",
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic",
        "private_key_jwt",
        "windows_client_authentication"
    ],
    "response_types_supported": [
        "code",
        "id_token",
        "code id_token",
        "id_token token",
        "code token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "grant_types_supported": [
        "authorization_code",
        "refresh_token",
        "client_credentials",
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "implicit",
        "password",
        "srv_challenge",
        "urn:ietf:params:oauth:grant-type:device_code",
        "device_code"
    ],
    "subject_types_supported": [
        "pairwise"
    ],
    "scopes_supported": [
        "vpn_cert",
        "openid",
        "user_impersonation",
        "logon_cert",
        "allatclaims",
        "profile",
        "winhello_cert",
        "aza",
        "email"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [
        "RS256"
    ],
    "access_token_issuer": "http://{adfs-domain}/adfs/services/trust",
    "claims_supported": [
        "aud",
        "iss",
        "iat",
        "exp",
        "auth_time",
        "nonce",
        "at_hash",
        "c_hash",
        "sub",
        "upn",
        "unique_name",
        "pwd_url",
        "pwd_exp",
        "mfa_auth_time",
        "sid",
        "nbf"
    ],
    "microsoft_multi_refresh_token": true,
    "userinfo_endpoint": "https://{adfs-domain}/adfs/userinfo",
    "capabilities": [
        "kdf_ver2"
    ],
    "end_session_endpoint": "https://{adfs-domain}/adfs/oauth2/logout",
    "as_access_token_token_binding_supported": true,
    "as_refresh_token_token_binding_supported": true,
    "resource_access_token_token_binding_supported": true,
    "op_id_token_token_binding_supported": true,
    "rp_id_token_token_binding_supported": true,
    "frontchannel_logout_supported": true,
    "frontchannel_logout_session_supported": true,
    "device_authorization_endpoint": "https://{adfs-domain}/adfs/oauth2/devicecode"
}

The returned values are the same as in the JSON above, and it appears that items like "password" are supported under the grant_types_supported field. However, I am curious about the reason for the MSIS7065 error. Can anyone provide more information?
