MarioPrincipato-9505 asked

ADFS and OIDC integration

Good morning community,

I'm implementing an integration with ADFS to handle user authentication between my application and ADFS.

So I successfully registered my application on ADFS, retrieved the client-id and secret-id and set up the redirect URL.
After that I imported the ADFS certificate into my app and performed the OpenID configuration successfully using these parameters:

Discovery URL: https://ADFS-hostname/adfs/.well-known/openid-configuration
Authorization URL: https://ADFS-hostname/adfs/oauth2/authorize/
Token URL: https://ADFS-hostname/adfs/oauth2/token/
JWT URL: https://ADFS-hostname/adfs/discovery/keys
Scope:vpn_cert aza email logon_cert user_impersonation openid profile
Client ID
Client Secret

Then I created the Relying Party in ADFS with the following information:
Relying Party identifiers: https://ADFS-hostname/adfs/oauth2/authorize/
Access Control Policy: Permit Everyone.

But when I try to log in I'm redirected correctly from my App to ADFS, but then I receive the following error:

Encountered error during federation passive request.

Additional Data
Event ID 364
Protocol Name:
OAuthAuthorizationProtocol

Relying Party:



Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthUnauthorizedClientException: MSIS9321: Received invalid OAuth request. The client 'ClientID Number' is forbidden to access the resource 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope'.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthTokenBrokerAuthorizationRequestContext.ValidateBroker()
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthTokenBrokerAuthorizationRequestContext.ValidateCore()
at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthAuthorizationProtocolHandler.PreAuthenticationProcess(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Any hints or suggestions will be appreciated.
Regards
Mario

adfs
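An added check, not part of the post above, that compares the manually entered Authorization/Token/JWT URLs and scope list against what the ADFS discovery document publishes, then builds the authorization-code request the app sends on redirect. The discovery document is a constructed sample, and the client id, redirect URI and the `resource` value passed in are placeholders.

```python
import json
import secrets
from urllib.parse import urlsplit, urlencode

# Constructed sample of an ADFS discovery document (only the fields used below).
SAMPLE_DISCOVERY = json.dumps({
    "authorization_endpoint": "https://ADFS-hostname/adfs/oauth2/authorize/",
    "token_endpoint": "https://ADFS-hostname/adfs/oauth2/token/",
    "jwks_uri": "https://ADFS-hostname/adfs/discovery/keys",
    "scopes_supported": ["aza", "openid", "logon_cert", "user_impersonation",
                         "profile", "email", "vpn_cert", "allatclaims"],
})
# The settings typed into the application, as listed in the post.
CONFIGURED = {
    "Authorization URL": "https://ADFS-hostname/adfs/oauth2/authorize/",
    "Token URL": "https://ADFS-hostname/adfs/oauth2/token/",
    "JWT URL": "https://ADFS-hostname/adfs/discovery/keys",
    "Scope": "vpn_cert aza email logon_cert user_impersonation openid profile",
}

def normalize(url):
    """Lower-case scheme and host, drop a trailing slash: equivalent spellings compare equal."""
    p = urlsplit(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"

def check_config(discovery_json, configured):
    """Return findings where the manual settings disagree with what ADFS publishes."""
    doc = json.loads(discovery_json)
    findings = []
    for key, label in (("authorization_endpoint", "Authorization URL"),
                       ("token_endpoint", "Token URL"), ("jwks_uri", "JWT URL")):
        if normalize(doc[key]) != normalize(configured[label]):
            findings.append(f"{label}: configured {configured[label]}, discovery says {doc[key]}")
    scopes = configured["Scope"].split()
    unknown = sorted(set(scopes) - set(doc.get("scopes_supported", [])))
    if unknown:
        findings.append("scopes not advertised by ADFS: " + " ".join(unknown))
    if "openid" not in scopes:
        findings.append("'openid' missing from scope: ADFS will not issue an id_token")
    return findings

def build_authorize_url(discovery_json, client_id, redirect_uri, scope, resource, state=None, nonce=None):
    """Authorization-code request URL; state and nonce are fresh random values unless supplied."""
    doc = json.loads(discovery_json)
    params = {"client_id": client_id, "redirect_uri": redirect_uri, "response_type": "code",
              "scope": scope, "state": state or secrets.token_urlsafe(16),
              "nonce": nonce or secrets.token_urlsafe(16)}
    if resource:  # ADFS uses 'resource' to select the Relying Party the token is issued for
        params["resource"] = resource
    return doc["authorization_endpoint"] + "?" + urlencode(params)
```

Running `check_config(SAMPLE_DISCOVERY, CONFIGURED)` against the values from the post returns no findings, so a mismatch in the endpoints or scopes is not what the sample data shows; the `resource` sent in the request is what ADFS matches against the Relying Party identifier.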

0 Answers