adfs3.0

Using ADFS OAuth Refresh Token

时光毁灭记忆、已成空白 提交于 2019-12-19 04:04:34
问题 I have ADFS3 OAuth2 configured to return Refresh Tokens: PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10 PS> Set-AdfsProperties -SSOLifetime 480 Here the Access Token lasts for 10 minutes and the Refresh Token lasts for 480 minutes. I then generate an Access Token by GETing: https://myadfsdomain/adfs/oauth/authorize ?response_type=code &client_id=MYCLIENTID &redirect_uri=https:/

Using ADFS OAuth Refresh Token

穿精又带淫゛_ 提交于 2019-12-19 04:04:03
问题 I have ADFS3 OAuth2 configured to return Refresh Tokens: PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -IssueOAuthRefreshTokensTo AllDevices PS> Set-AdfsRelyingPartyTrust -TargetName "RPT Name" -TokenLifetime 10 PS> Set-AdfsProperties -SSOLifetime 480 Here the Access Token lasts for 10 minutes and the Refresh Token lasts for 480 minutes. I then generate an Access Token by GETing: https://myadfsdomain/adfs/oauth/authorize ?response_type=code &client_id=MYCLIENTID &redirect_uri=https:/

ADFS as OAuth2 provider / Authentication server possible?

不打扰是莪最后的温柔 提交于 2019-12-19 03:36:25
问题 We want to setup ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported. Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as a client to another authorization server? Any help for setting up adfs as oauth provider/server is appreciated. 回答1: in ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile

Implementing Office 365 single sign-on using custom authentication/claims provider in ADFS 3.0 (RE: AADSTS90019)

廉价感情. 提交于 2019-12-18 09:46:29
问题 I have a new Claims Provider Trust successfully configured in ADFS 3.0 that allows us to use a separate SAML IdP and let ADFS 3.0 be the SP. We now see "You are signed in" when we go through our SAML IdP. So this part works fine (SSO into ADFS 3.0). However, attempting to access Office 365 apps now returns the following error by at https://login.microsoftonline.com/login.srf: AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials. Any

Getting the user profiles from ADFS3.0

為{幸葍}努か 提交于 2019-12-14 02:50:06
问题 I have tried accessing the OAuth2.0 enabled ADFS 3.0 Authorization. I was able to get the authorization code and given this, i was able to get the access tokens from the token end point. I find that there is no end point for getting the user profile like objectGuid, email address etc, though I have given the claim rules in the Relying party trust in ADFS Servers. Can any one help me achieve the following, Either add objectguid or other claims to the accesstoken claims received from the ADFS

Spring Boot oauth2: How to set the resource parameter in the authorization request to make adfs happy?

时光总嘲笑我的痴心妄想 提交于 2019-12-11 04:44:40
问题 I'm trying to set up a spring boot app that uses oauth2 with Active Directory Federation Services as the authentication provider. I started with the tutorial here... https://spring.io/guides/tutorials/spring-boot-oauth2/ ... and got the facebook example to work. Then, I started adapting it to work with ADFS. It is close to working, but ADFS expects a resource parameter to be passed with the authorization request and I can't figure out how to set it. Here's what I've got so far in the config..

PHP + ADFS for SSO (via OAuth) - How to setup ADFS?

让人想犯罪 __ 提交于 2019-12-07 05:04:17
问题 Im trying to use ADFS for SSO on a project. The project is on PHP and Im trying to use OAuth for this. So what are the steps for setting up ADFS to work with OAuth2? I have no idea about ADFS and cant get any direct guide on OAuth2 settings there. Thanks a lot. 回答1: I see that the question is quite old. But in case if other people will get here, I have some answer which should be good for March 2019. Let me start with a general overview. SSO SSO could be done with personal Google, Facebook,

UseWsFederationAuthentication - AuthenticationException: The remote certificate is invalid according to the validation procedure

给你一囗甜甜゛ 提交于 2019-12-06 10:45:18
I am getting an error every time I try to run my MVC project on my development box through VS2015 and IIS Express. It uses this code to authenticate against our ADFS server. app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseWsFederationAuthentication( new WsFederationAuthenticationOptions { Wtrealm = realm, MetadataAddress = adfsMetadata }); This is the error I am getting in the browser. [AuthenticationException: The remote certificate is invalid according to the validation procedure

Not getting user identity in JWT used in OAuth2 access token from ADFS 3.0

牧云@^-^@ 提交于 2019-12-06 05:10:23
I'm using the authorization flow supported in ADFS 3.0 in the following way, Browser connects to MyService MyService redirects browser to ADFS for OAuth Browser connects to ADFS for OAuth Authorization code ADFS authenticates the users through the browser ADFS redirects the browser back to MyService along with authorization code Browser connects to MyService and passes the authorization token MyService connects to ADFS and gets the access token from the authorization token However, the access token is missing the user identity and MyService is unable to identify the user. The access token has

PHP + ADFS for SSO (via OAuth) - How to setup ADFS?

给你一囗甜甜゛ 提交于 2019-12-05 11:44:08
Im trying to use ADFS for SSO on a project. The project is on PHP and Im trying to use OAuth for this. So what are the steps for setting up ADFS to work with OAuth2? I have no idea about ADFS and cant get any direct guide on OAuth2 settings there. Thanks a lot. I see that the question is quite old. But in case if other people will get here, I have some answer which should be good for March 2019. Let me start with a general overview. SSO SSO could be done with personal Google, Facebook, GitHub, Twitter, Microsoft accounts. After logging in to your account, you can log in to other systems (e.g.