Hello everybody,
We have an ADFS infrastructure dedicated to applications (SharePoint, WCF applications, ...).
We want to test a new configuration with a Java application. Before developing the application, we want to check whether the client is able to get a token from ADFS.
So I configured an ADFS client on the ADFS server like this:
RedirectUri : {http://localhost/}
Name : XX DIRECT
Description :
ClientId : 12345
BuiltIn : False
Enabled : True
ClientType : Public
I configured a Relying Party Trust:
AllowedAuthenticationClassReferences : {}
AutoUpdateEnabled : False
DelegationAuthorizationRules :
EncryptionCertificateRevocationCheck : CheckChainExcludeRoot
PublishedThroughProxy : False
IssuanceAuthorizationRules : @RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit",
Value = "true");
SigningCertificateRevocationCheck : CheckChainExcludeRoot
WSFedEndpoint :
AdditionalWSFedEndpoint : {}
ClaimsProviderName : {Active Directory}
IssuanceTransformRules : @RuleTemplate = "LdapClaims"
@RuleName = "Account"
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser"),
query = ";sAMAccountName;{0}", param = c.Value);
@RuleTemplate = "LdapClaims"
@RuleName = "Mail"
c:[Type ==
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types =
("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query =
";mail;{0}", param = c.Value);
@RuleName = "All"
c:[]
=> issue(claim = c);
ClaimsAccepted : {}
ConflictWithPublishedPolicy : False
EncryptClaims : True
Enabled : True
EncryptionCertificate :
Identifier : {https://test-oauth2.org}
LastMonitoredTime : 01/01/1900 01:00:00
LastPublishedPolicyCheckSuccessful :
LastUpdateTime : 01/01/1900 01:00:00
MetadataUrl :
MonitoringEnabled : False
Name : TEST
NotBeforeSkew : 0
EnableJWT : True
AlwaysRequireAuthentication : False
Notes :
OrganizationInfo :
ImpersonationAuthorizationRules :
AdditionalAuthenticationRules :
ProxyEndpointMappings : {}
ProxyTrustedEndpoints : {}
ProtocolProfile : WsFed-SAML
RequestSigningCertificate : {}
EncryptedNameIdRequired : False
SignedSamlRequestsRequired : False
SamlEndpoints : {}
SamlResponseSignature : AssertionOnly
SignatureAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
TokenLifetime : 0
AllowedClientTypes : Public
IssueOAuthRefreshTokensTo : AllDevices
So from another server, I try to access the ADFS server to get a token.
I simulate the Java client with Fiddler, and with the Fiddler Composer I send this request:
https://test-oauth2.org/adfs/oauth2/authorize?response_type=code&resource=https://test-oauth2.org&client_id=12345&username=user@domain.intra&password=Passw0rd&redirect_uri=http://localhost
From Fiddler, I get a response (200 OK) from ADFS but no token. In the Fiddler response, there is an error message: you must enter your ID in the format DOMAIN\user ....
From IE, when I go to https://fqdn-adfs/adfs/ls/IdpInitiatedSignOn.aspx, I can authenticate with the same user.
Can somebody help me?
Regards,
Laurent
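As an added example (not code from the post, and not ADFS's own code), the following Python script walks through the OAuth2 authorization-code exchange that the Fiddler request above tries to collapse into a single GET. The /adfs/oauth2/authorize endpoint is interactive: it serves the sign-in form and, once the user has signed in there, redirects the browser back to redirect_uri with a one-time code; the client then POSTs that code to /adfs/oauth2/token to obtain the JWT. Credentials belong in the form, never on the query string (URLs are written to proxy and server logs). The FakeAdfs class is a hypothetical stand-in for the server side so the exchange runs offline; it issues an unsigned token, and the issuer value, the claim names and the exact redirect_uri comparison (which rejects http://localhost when http://localhost/ is registered) are assumptions to verify against the real ADFS. A real client must additionally verify the RS256 signature with the ADFS token-signing certificate from the federation metadata.

```python
# Added example, not from the original post: ADFS authorization-code flow simulated offline.
# FakeAdfs is a hypothetical server side; ISSUER and the claim names are assumptions.
import base64
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

ADFS = "https://test-oauth2.org"       # ADFS host used in the post
CLIENT_ID = "12345"                    # ClientId from the post
REDIRECT_URI = "http://localhost/"     # RedirectUri as registered, trailing slash included
RESOURCE = "https://test-oauth2.org"   # relying party Identifier from the post
ISSUER = "http://test-oauth2.org/adfs/services/trust"  # assumed issuer ("iss") value


def build_authorize_url(client_id, redirect_uri, resource, state):
    """Step 1: the browser is sent here. No username/password in the URL: the user
    types them into the sign-in page ADFS returns."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "resource": resource, "state": state}
    return f"{ADFS}/adfs/oauth2/authorize?{urlencode(params)}"


def extract_code(location, expected_state):
    """Step 2: ADFS answers 302 to redirect_uri?code=...&state=...; the client accepts
    the code only if the state it generated comes back unchanged (CSRF check)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(location).query).items()}
    if q.get("state") != expected_state or "code" not in q:
        return None
    return q["code"]


def build_token_request(code, client_id, redirect_uri):
    """Step 3: form body POSTed to /adfs/oauth2/token (a public client has no secret)."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "redirect_uri": redirect_uri}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(d):
    return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")


def validate_token(jwt, resource, issuer, now):
    """Step 4: claims the relying party must enforce (audience, issuer, validity window).
    Signature verification against the ADFS token-signing certificate is required in a
    real client and is omitted here only because the simulation signs nothing."""
    _header, payload, _sig = jwt.split(".")
    claims = json.loads(_b64url_decode(payload))
    ok = (claims.get("aud") == resource and claims.get("iss") == issuer
          and claims.get("nbf", 0) <= now < claims.get("exp", 0))
    return claims if ok else None


class FakeAdfs:
    """Hypothetical server side, just enough to run the exchange offline."""
    def __init__(self, clients, issuer):
        self.clients = clients   # client_id -> registered redirect_uri
        self.issuer = issuer
        self.codes = {}          # one-time code -> (client_id, redirect_uri, resource, upn)

    def authorize(self, url, upn):
        """GET /adfs/oauth2/authorize, after the user signed in on the form as `upn`."""
        q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
        if q.get("response_type") != "code" or q.get("client_id") not in self.clients:
            return 400, None
        if q.get("redirect_uri") != self.clients[q["client_id"]]:
            return 400, None     # assumption: redirect_uri must equal the registered value exactly
        code = secrets.token_urlsafe(16)
        self.codes[code] = (q["client_id"], q["redirect_uri"], q.get("resource"), upn)
        return 302, f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q.get('state', '')})}"

    def token(self, form, now):
        """POST /adfs/oauth2/token: redeem the code once and return a constructed, unsigned JWT."""
        entry = self.codes.pop(form.get("code"), None)
        if entry is None or form.get("grant_type") != "authorization_code":
            return 400, {"error": "invalid_grant"}
        client_id, redirect_uri, resource, upn = entry
        if (form.get("client_id"), form.get("redirect_uri")) != (client_id, redirect_uri):
            return 400, {"error": "invalid_grant"}
        claims = {"aud": resource, "iss": self.issuer, "upn": upn,
                  "iat": now, "nbf": now, "exp": now + 3600}
        jwt = f"{_b64url_encode({'typ': 'JWT', 'alg': 'none'})}.{_b64url_encode(claims)}."
        return 200, {"access_token": jwt, "token_type": "bearer", "expires_in": 3600}


def run_exchange(redirect_uri=REDIRECT_URI, now=None):
    """Drive the four steps end to end; returns the validated claims, or None on any failure."""
    now = int(time.time()) if now is None else now
    adfs = FakeAdfs({CLIENT_ID: REDIRECT_URI}, ISSUER)
    state = secrets.token_urlsafe(8)
    status, location = adfs.authorize(
        build_authorize_url(CLIENT_ID, redirect_uri, RESOURCE, state), upn="user@domain.intra")
    if status != 302:
        return None
    code = extract_code(location, state)
    status, body = adfs.token(build_token_request(code, CLIENT_ID, redirect_uri), now)
    if status != 200:
        return None
    return validate_token(body["access_token"], RESOURCE, ISSUER, now)


if __name__ == "__main__":
    print(run_exchange())                                  # claims for user@domain.intra
    print(run_exchange(redirect_uri="http://localhost"))   # None: differs from registered URI
```

Run it as a script to see one successful exchange and one rejected for the redirect_uri mismatch. Against a real ADFS the same four steps apply, with steps 1 and 2 happening in the browser (or an embedded browser control in the Java client) rather than in Fiddler's Composer.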