Friday, November 11, 2016

Postman : Using Postman for Resource Owner Password Grant on ADFS

This is on Server 2016 TP5 - ADFS 4.0

Couldn't find any examples of this so rolled my own.

As always, the gist is here,

Note that you need the user in the "domain\user" format.

Be careful of this flow - you are potentially exposing the user name and password.

This is supposed to be for "trusted" clients.
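The request behind this flow, sketched as an added example (it is not the author's gist, which is not reproduced on this page). It checks the "domain\user" format, refuses a non-HTTPS endpoint because the password travels in the body, and redacts the password before anything is logged. The host, client id, resource and credentials are constructed placeholders, and the `resource` field and `/adfs/oauth2/token` path are assumptions about the ADFS setup.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

def build_password_grant(token_url, client_id, resource, username, password):
    """Return (headers, body) for the form-encoded token request."""
    if urlsplit(token_url).scheme != "https":
        raise ValueError("the body carries the password: https only")
    domain, sep, user = username.partition("\\")
    if not (sep and domain and user):
        raise ValueError('username must be in "domain\\user" format')
    fields = [
        ("grant_type", "password"),
        ("client_id", client_id),
        ("resource", resource),  # assumption: ADFS-style resource parameter
        ("username", username),
        ("password", password),
    ]
    # urlencode percent-encodes the backslash (%5C) and emits each key once.
    body = urlencode(fields)
    return {"Content-Type": "application/x-www-form-urlencoded"}, body

def redact(body):
    """Copy of the body that is safe to log: password value replaced."""
    return urlencode([(k, "REDACTED" if k == "password" else v)
                      for k, v in parse_qsl(body)])

def parse_token_response(text):
    """Return ("ok", access_token) or ("error", code, description)."""
    data = json.loads(text)
    if "error" in data:
        return ("error", data["error"], data.get("error_description", ""))
    return ("ok", data["access_token"])

# Constructed sample values; none of them come from the post.
TOKEN_URL = "https://adfs.example.test/adfs/oauth2/token"
HEADERS, BODY = build_password_grant(
    TOKEN_URL, "00000000-0000-0000-0000-000000000000",
    "https://api.example.test/", "EXAMPLE\\alice", "P@ss w0rd&1")

if __name__ == "__main__":
    print("POST", TOKEN_URL)
    print(redact(BODY))
```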

Enjoy!

5 comments:

Unknown said...

This is the error I got. Any clue?

{
"error": "invalid_grant",
"error_description": "MSIS9703: Unable to process the password_grant request. Password authentication is not enabled on the STS."
}

Unknown said...

This is what I get. Any clue?
{
"error": "invalid_grant",
"error_description": "MSIS9703: Unable to process the password_grant request. Password authentication is not enabled on the STS."
}

Unknown said...

Hello,

We are trying to do the same thing. Do you have any links on how to set this up on the ADFS side? We are seeing this error on the ADFS side:

Microsoft.IdentityServer.Web.InvalidRequestException: Duplicate post parameter \"'%'22key'%'22\".

We have followed the following setup on ADFS.


https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-oauth-confidential-clients-with-ad-fs

Ilios78 said...

Hello,

This works great for domain users, but what about users in an AD LDS store? How can they authenticate if the username format must be \?

Mayur Dighe said...

I know this way I can get an access_token. But when I go to the ADFS page, I still see the login page. I think I should be signed in to ADFS as well.