This is on Server 2016 TP5 - ADFS 4.0
Couldn't find any examples of this so rolled my own.
As always, the gist is here,
Note that you need the user in the "domain\user" format.
Be careful of this flow - you are potentially exposing the user name and password.
This is supposed to be for "trusted" clients.
Enjoy!
5 comments:
this is teh error I got .. any clue ?
{
"error": "invalid_grant",
"error_description": "MSIS9703: Unable to process the password_grant request. Password authentication is not enabled on the STS."
}
this is what I get .. any clue ?
{
"error": "invalid_grant",
"error_description": "MSIS9703: Unable to process the password_grant request. Password authentication is not enabled on the STS."
}
Hello,
We are trying to the same thing. Do you have any links on how to setup on the ADFS side. We are seeing this error on the ADFS side
Microsoft.IdentityServer.Web.InvalidRequestException: Duplicate post parameter \"'%'22key'%'22\".
We have followed the following setup on ADFS.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-oauth-confidential-clients-with-ad-fs
Hello,
this work great for domain users but what about users in an AD LDS store? How can they authenticate if the username format must be \?
I know this way I can get access_token. But when I go to ADFS page, I still see login page. I think I should be signed in ADFS as well
Post a Comment