Tuesday, January 20, 2015

ADFS : ADFS 3.0 and OAuth2

This is for Server 2012 R2.

There are a lot of blogs about this but very little useful information.

So I thought about creating a client that shows this.

And then I thought about Authorization Server.

You can get this working if you want - just hook up to AS to ADFS as a normal ASP.NET RP for authentication.

But that's not what this post is about - I wanted to use the sample code to access ADFS.

Under "samples/Flows/Clients/OAuth2 CodeFlow you'll find the sample.

First you have to configure ADFS and you have to use PowerShell to do this - there's no wizard support.

You use the AdfsClient commands as per AD FS Cmdlets in Windows PowerShell.

Vittorio has blogged on this: Securing a Web API with Windows Server 2012 R2 ADFS and Katana.

Of interest is setting up the RP (worth repeating that it is neither WS-Fed nor SAML so don't tick any boxes) and the Add-AdfsClient command.  

My RP then looks like:

So running Get-AdfsClient on my box:

RedirectUri : {https://xxx/CodeFlow/callback}
Name        : AMCodeFlowClient
Description : AM Code Flow Client
ClientId    : codeclient
BuiltIn     : False
Enabled     : True
ClientType  : Public 

ToDo: Code changes to the sample.



No comments: