I have tried to configure my IdentityServer4 to use ADFS 4.0 as an external provider. I have configured it as follows:
// External cookie that IdentityServer4 reads back after the external login
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme
});

// ADFS 4.0 registered as an external OpenID Connect provider
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = "60b3d106-d155-4f9f-ba75-84b8078829fa",
    AuthenticationScheme = "oidc",
    PostLogoutRedirectUri = "http://localhost:5000",
    DisplayName = "ADFS TEST Domain",
    MetadataAddress = "https://srv2016dc01.test.local/adfs/.well-known/openid-configuration",
    SaveTokens = true,
    GetClaimsFromUserInfoEndpoint = true
});
It seems to work, as I can log in and get a few claims back: [screenshot: Claims I get back from ADFS]
But it doesn't look like the UserInfo endpoint is being called... Otherwise there should be more claims, and I can't see a call to the UserInfo endpoint in the debug log of the ADFS server.
I have also tried to call the UserInfo endpoint in code as in this link: ASP.NET Identity (with IdentityServer4) get external resource oauth access token
But at "await _signInManager.UpdateExternalAuthenticationTokensAsync(info);" I don't get an access_token back, only an id_token...
Does anybody have a working example of IdentityServer4 with ADFS 4.0, or at least with any other external OpenID Connect server?
Is there any other way to get all the info from the UserInfo endpoint?
I need to get the group memberships of the authenticated user as role claims, to grant permissions on a WebApi resource.
If I set "token id_token" as the ResponseType value in the options, I get the tokens!
ResponseType = "code id_token"
If an access_token is available, the UserInfo endpoint will be called.
But now I get a 401 error from the UserInfo endpoint. Anyway... This issue is resolved by adding
ResponseType = "code id_token"
to the OpenIdConnectOptions.
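The following is an added example (not code from the original post or from IdentityServer4) that puts the answer above into one self-contained ASP.NET Core 1.x style configuration: the hybrid response type so that a code (and therefore an access_token) comes back alongside the id_token, the external cookie as SignInScheme so IdentityServer4 can pick the result up in its external callback, and an OnTicketReceived handler that turns ADFS group claims into role claims, which is what the question actually needs for the WebApi resource. The client id, metadata address and redirect URI are taken from the post; the group claim type "http://schemas.xmlsoap.org/claims/Group", the AdfsExternalProvider class and the MapGroupsToRoles helper are assumptions of this example.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;

// Added example: hybrid-flow ADFS external provider for IdentityServer4 (ASP.NET Core 1.x API).
public static class AdfsExternalProvider
{
    // Assumed claim type ADFS uses for group memberships; verify it against the
    // issuance transform rules of the application group on the ADFS side.
    private const string GroupClaimType = "http://schemas.xmlsoap.org/claims/Group";

    public static IApplicationBuilder UseAdfsExternalProvider(this IApplicationBuilder app)
    {
        // Temporary external cookie that IdentityServer4's external callback reads and deletes.
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
            AutomaticAuthenticate = false,
            AutomaticChallenge = false
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
        {
            AuthenticationScheme = "oidc",
            DisplayName = "ADFS TEST Domain",
            // Sign the external identity into the external cookie, not the main IdentityServer cookie.
            SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme,
            ClientId = "60b3d106-d155-4f9f-ba75-84b8078829fa",
            MetadataAddress = "https://srv2016dc01.test.local/adfs/.well-known/openid-configuration",
            PostLogoutRedirectUri = "http://localhost:5000",
            // Hybrid flow: the id_token arrives with the authorization code, and redeeming the
            // code yields an access_token. With plain "id_token" there is no access token, so the
            // middleware never calls the userinfo endpoint.
            ResponseType = "code id_token",
            SaveTokens = true,
            GetClaimsFromUserInfoEndpoint = true,
            Events = new OpenIdConnectEvents
            {
                // Runs after id_token validation and after the userinfo claims have been merged,
                // so it sees group claims regardless of which of the two sources supplied them.
                OnTicketReceived = ctx =>
                {
                    MapGroupsToRoles(ctx.Ticket.Principal);
                    return Task.CompletedTask;
                }
            }
        });

        return app;
    }

    // Copies every distinct ADFS group claim into a role claim on the primary identity
    // and returns how many groups were mapped (useful for logging and tests).
    public static int MapGroupsToRoles(ClaimsPrincipal principal)
    {
        var identity = principal.Identities.First();
        var groups = identity.FindAll(GroupClaimType)
                             .Select(c => c.Value)
                             .Distinct()
                             .ToList();

        foreach (var group in groups)
        {
            // Idempotent: a role claim that is already present is not added twice.
            if (!identity.HasClaim(ClaimTypes.Role, group))
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, group));
            }
        }

        return groups.Count;
    }
}
```

Two things to check before relying on this. First, the role claims only exist if ADFS actually emits group claims for the application group (an issuance transform rule such as "Send Group Membership as a Claim" or "Send LDAP Attributes" with Token-Groups); with no such rule the identity contains only the standard OIDC claims and MapGroupsToRoles returns 0. Second, ADFS 2016's userinfo endpoint returns only the sub claim, so in practice the group information has to be issued in the id_token, and GetClaimsFromUserInfoEndpoint adds nothing beyond confirming the subject. In ASP.NET Core 2.0 and later the same configuration moves to services.AddAuthentication().AddOpenIdConnect(...) and the handler's context exposes Principal instead of Ticket.Principal.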