ASP.NET Core middleware that enables an application to support the Microsoft ADFS's OAuth 2.0 authentication workflow. OAuth2 protocol is supported since ADFS 3.0 (Windows Server 2012 R2).
Create the relying party on "AD FS Management", and configure claims...
Then, you have to add your client app using powershell
Import-Module ADFS
$relyingPartyName = "WebApp"
$appUri = "https://localhost:44303"
$clientId = [guid]::NewGuid()
$redirectUri = "$appUri/signin-adfs"
Add-AdfsClient -Name $relyingPartyName -ClientId $clientId -RedirectUri $redirectUri
Write-Host "Client Id: $clientId"
In your startup.cs
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
app.UseAdfsOAuthAuthentication(new AdfsOAuthOptions("ad.adtest.local") // Your ADFS server hostname
{
AutomaticAuthenticate = true,
ClientUri = "https://localhost:44303", // Registered on your ADFS server as Relying party trust
ClientId = "21495a95-35ef-48ec-80b4-bce8ac430b9f" // AdfsClient's ClientId registered on your ADFS server
});
...
}
By default, the redirect URI is "[ClientUri]/signin-adfs". It can be changed in the options.
As signing certificates are auto-renewed by default by ADFS server, and there is - for now - no easy way to retrieve the signing certificate from the server, the token issued by the server is not verified.