问题
I have tried accessing the OAuth2.0 enabled ADFS 3.0 Authorization.
I was able to get the authorization code and given this, i was able to get the access tokens from the token end point.
I find that there is no end point for getting the user profile like objectGuid, email address etc, though I have given the claim rules in the Relying party trust in ADFS Servers.
Can any one help me achieve the following, Either add objectguid or other claims to the accesstoken claims received from the ADFS token end point (OR) to get the userprofile info.
Due to lack of documentation in the ADFS 3.0, we are unable to figure out the various end points and how to get the user informations from the OAuth2.0 enabled endpoints.
回答1:
The access token contain user information you defined in the Claim Rules of Relying Party Trust. It's a base 64 encoded JSON Web Token (JWT) as the text between the two DOT symbol in the token. Sample user JWT:
{
"aud": "https://localhost:8885/",
"iss": "http://WIN-OTB3KE5FH1J.foo.com/adfs/services/trust",
"iat": 1435071019,
"exp": 1435074619,
"email": "guo.du@foo.com",
"commonname": "guo.du",
"displayName": "Guo Du",
"distinguishedName": "CN=Guo Du,CN=Users,DC=foo,DC=com",
"auth_time": "2015-06-23T14:13:24.922Z",
"authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
"ver": "1.0",
"appid": "FooClient"
}
来源:https://stackoverflow.com/questions/27417487/getting-the-user-profiles-from-adfs3-0