
ADAL.JS, ADFS and Windows 2016

The plan is to support OAuth2 workflows in an AngularJS application. ADAL supports the 'Implicit Grant Flow.' ADFS in older versions (available in Windows 2012 R2) supported only the 'Authorization Grant Flow'.

Our plan is to begin by setting up a lab environment. It was suggested to us that Windows 2012 R2 has limited support for OAuth2; hence we should set up the environment using Windows 2016 and ADFS 4.0.

So before we start with a setup involving AD, ADFS, IIS and an AngularJS application (which is definitely non-trivial), we wanted to confirm: can ADFS running on a Windows 2016 server support OAuth2 Implicit Grant workflows? We plan to use ADAL.JS in order to support them.

As *OAuth 2.0 support in ADFS on Windows Server 2012 R2* states about the supported authorization grants:

| Authorization grant type | ADFS (Windows Server 2012 R2) |
| --- | --- |
| Authorization code grant | Supported |
| Implicit grant | Not supported |
| Resource Owner Password Credentials grant | Not supported |
| Client Credentials grant | Not supported |

Also, *ADFS as OAuth2 provider / Authentication server possible?* was answered as follows:

With ADFS 2016 (which will release imminently), you have the full Oauth/OIDC support. With this you can build web apps, single page apps, APIs, multi-tiered app systems that require On-behalf-of support, confidential clients (with support for windows service accounts acting as confidential clients).

For your scenario, you could follow *Build a single page web application using OAuth and ADAL.JS with AD FS 2016*. Note: the previous walkthrough is applicable only to AD FS Server 2016 and higher.

I am following that ( https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/single-page-application-with-ad-fs ) but I am getting a 401 error while trying to browse the TodoList page. The userdata is showing aud, iss, iat, exp, upn, unique_name and sub but not my family and given name. In the relying party trust I have:

```
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "family_name"), query = ";displayName,mail,givenName,sn;{0}", param = c.Value);
```

and in the Issuance transform rules I have:

```
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/claims/Group", "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"), query = ";mail,givenName,sn,tokenGroups(SID),sAMAccountName;{0}", param = c.Value);
```
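The comment above reports two symptoms at once: a 401 from the TodoList API and an id_token that carries `aud`, `iss`, `upn`, `unique_name` and `sub` but no given/family name. A quick way to separate the two is to inspect the token the browser actually received and check which claims AD FS issued and whether `aud` matches what the API expects. The following is an added diagnostic example, not code from the original thread or from Microsoft's walkthrough; it decodes the JWT payload only (no signature check, so it is for troubleshooting, not for any authorization decision, which stays with the resource server that validates the signature). The sample token, the `contoso.example` issuer, the audience URL and the `EXPECTED_CLAIMS` list are all constructed for the example.

```javascript
// Added diagnostic example (not from the original post): decode the payload of a
// JWT issued by AD FS and report which expected claims are present or missing,
// plus audience and expiry mismatches. Signature is NOT verified here.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; convert to standard base64.
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  return Buffer.from(b64, 'base64').toString('utf8');
}

function base64UrlEncode(obj) {
  // Used only to build the constructed sample token below.
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS: expected header.payload.signature');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Claims the walkthrough's SPA reads from the token (assumed list): the last
// two are the ones reported as missing in the comment above.
const EXPECTED_CLAIMS = [
  'aud', 'iss', 'iat', 'exp', 'upn', 'unique_name', 'sub', 'given_name', 'family_name',
];

// Returns which expected claims are present/missing and a list of problems.
// nowSeconds is injectable so the check is reproducible in a test.
function auditTokenClaims(token, expectedAudience, nowSeconds = Math.floor(Date.now() / 1000)) {
  const payload = decodeJwtPayload(token);
  const present = EXPECTED_CLAIMS.filter((c) => c in payload);
  const missing = EXPECTED_CLAIMS.filter((c) => !(c in payload));
  const problems = [];
  if (payload.aud !== expectedAudience) {
    // A wrong audience is a common reason for a 401 from the API.
    problems.push(`aud is ${JSON.stringify(payload.aud)}, expected ${expectedAudience}`);
  }
  if (typeof payload.exp !== 'number' || payload.exp <= nowSeconds) {
    problems.push('token is expired (exp is not in the future)');
  }
  for (const c of missing) {
    // Missing claims point at the relying party trust issuance rules.
    problems.push(`claim "${c}" was not issued; check the relying party issuance transform rules`);
  }
  return { present, missing, problems, payload };
}

// Constructed sample token mirroring the comment's symptom: standard claims
// present, given_name/family_name absent. The signature segment is a dummy.
const SAMPLE_AUDIENCE = 'https://localhost:44321/';
const SAMPLE_TOKEN = [
  base64UrlEncode({ alg: 'RS256', typ: 'JWT', kid: 'constructed-kid' }),
  base64UrlEncode({
    aud: SAMPLE_AUDIENCE,
    iss: 'https://fs.contoso.example/adfs',
    iat: 1500000000,
    exp: 1500003600,
    upn: 'alice@contoso.example',
    unique_name: 'CONTOSO\\alice',
    sub: 'constructed-subject-id',
  }),
  'constructed-signature',
].join('.');

if (typeof require !== 'undefined' && require.main === module) {
  // Stand-alone run: audit the constructed token at a fixed "now" inside its lifetime.
  console.log(auditTokenClaims(SAMPLE_TOKEN, SAMPLE_AUDIENCE, 1500000100));
}
```

In the browser, the token to paste into `auditTokenClaims` is the one ADAL.JS stores in session storage for the resource; if `missing` lists the name claims, the fix is on the AD FS issuance side (the claim has to be issued under the name the SPA reads), whereas an `aud` mismatch or an expired token explains the 401 independently of the name claims.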
