
Instruction for on-premises ADFS WsFederation or Open ID #9554


mfainc created

I am using Core+Angular v9.1.0 and trying to connect it to our on-premises ADFS. ADFS is running on a 2019 server. I can directly sign-on from page: https://my adfs/adfs/ls/idpinitiatedsignon, but I am not sure how to configure AspNetZero to connect to it. Do you have a step-by-step instruction about it?

My appsettings.json

"OpenId": {
  "IsEnabled": "true",
  "ClientId": "my client id",
  "Authority": "https://localhost:44301/",
  "LoginUrl": "https://my adfs/adfs/ls/idpinitiatedsignon", // Not sure if this is correct
  "ValidateIssuer": "false",
  "ClaimsMapping": [
    {
      "claim": "unique_name",
      "key": "preferred_username"
    }
  ]
},
"WsFederation": {
  "IsEnabled": "true",
  "Authority": "https://localhost:44301/",
  "ClientId": "", // I don't get these options when setting up a relying party trust
  "Tenant": "",   // (same question)
  "MetaDataAddress": "https://my adfs /FederationMetadata/2007-06/FederationMetadata.xml"
},

Any help would be great.

Thanks


5 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    AspNet Zero uses ASP.NET Core's integrations, so you can follow Microsoft's documentation, see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-3.1.

    Please let us know if you face any problem.

  • mfainc created

    Thank you for the Microsoft documentation. I understand how to set up a relying party trust. My config:

    "WsFederation": {
      "IsEnabled": "true",
      "Authority": "https://localhost:44301/",
      "ClientId": "", // on-premises ADFS does not supply this
      "Tenant": "",   // on-premises ADFS does not supply this
      "MetaDataAddress": "https://my adfs /FederationMetadata/2007-06/FederationMetadata.xml"
    },

    Do I need to supply values for ClientId and Tenant when using WsFederation? Since I am using on-premises ADFS, the Relying Party Trust wizard does not supply these values.

  • ismcagdas created
    Support Team

    Hi @mfainc,

    You can leave Tenant empty. I'm not sure about ClientId since I don't know much about Relying Party Trust. You can try it and if you face a problem, share it with us.

    If you face a problem, probably there will be an error log in the server side log file (App_Data/Logs/Logs.txt).

  • mfainc created

    Is there any example of setting the solution up to use an on-premises ADFS? It is redirecting me to Microsoft to log in not my ADFS server.

  • ismcagdas created
    Support Team

    Hi,

    Unfortunately, we don't have such a sample. Could you share your configuration with [email protected] ? We can take a look at it for you.
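
Editor's note, added example (this is not AspNet Zero code and not from the Microsoft page linked above): the plain ASP.NET Core 3.1 wiring that both the WS-Federation and the OpenID Connect questions in this thread come down to, written directly against the framework handlers rather than AspNet Zero's appsettings wrapper. Hostnames, the relying party identifier and the OIDC client id/secret are placeholders. How AspNet Zero maps its own "ClientId"/"Tenant"/"Authority" keys onto these options is an assumption here (the "Tenant" key only makes sense for Azure AD; check the project's Startup/AuthConfigurer to see which key feeds Wtrealm). Two points a practitioner would want to see in code: for WS-Federation the value ADFS needs is Wtrealm, the relying party identifier you typed into the trust wizard, with the signing keys and passive endpoint taken from the federation metadata; for OIDC against ADFS 2016/2019 the Authority is the ADFS server's /adfs path (which serves /.well-known/openid-configuration), not your own application's URL, and /adfs/ls/idpinitiatedsignon is the WS-Fed/SAML IdP-initiated sign-on page, not an OIDC endpoint.

```csharp
// Added example, not AspNet Zero's code. Assumed values: ADFS at adfs.example.com,
// relying party identifier https://localhost:44301/, and an OIDC client registered in an
// ADFS Application Group. Replace every placeholder with your own values.
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AdfsAuthenticationSetup
{
    // Assumed: the on-premises ADFS farm host (HTTPS only).
    private const string AdfsHost = "https://adfs.example.com";

    // Assumed: the Relying Party identifier entered in the ADFS "Add Relying Party Trust" wizard.
    // This, not an Azure-style ClientId, is what WS-Federation calls the realm (wtrealm).
    private const string RelyingPartyId = "https://localhost:44301/";

    // Assumed: client id from the ADFS Application Group (Server application / Web browser accessing a web API).
    private const string OidcClientId = "<client id from the ADFS Application Group>";

    public static void AddAdfsAuthentication(IServiceCollection services)
    {
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                // Pick one challenge scheme; the other can still be challenged by name.
                options.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddWsFederation(options =>
            {
                // The federation metadata document gives the handler the passive sign-in
                // endpoint (/adfs/ls/) and the token-signing certificates. Keep it on HTTPS
                // so the signing keys cannot be swapped by a man in the middle.
                options.MetadataAddress = AdfsHost + "/FederationMetadata/2007-06/FederationMetadata.xml";
                options.RequireHttpsMetadata = true;

                // wtrealm must match the RP identifier in the trust exactly (trailing slash included).
                options.Wtrealm = RelyingPartyId;

                // The SAML token ADFS issues is addressed to the RP identifier; reject tokens
                // minted for some other relying party on the same farm.
                options.TokenValidationParameters.ValidAudience = RelyingPartyId;
            })
            .AddOpenIdConnect(options =>
            {
                // ADFS 2016/2019 publishes OIDC discovery under /adfs, so the authority is the
                // ADFS server, never this application's own URL. The handler derives the
                // authorization, token and JWKS endpoints from the discovery document, so there
                // is no need to hard-code a login URL such as /adfs/ls/idpinitiatedsignon.
                options.Authority = AdfsHost + "/adfs";
                options.RequireHttpsMetadata = true;

                options.ClientId = OidcClientId;
                // Assumed placeholder: load the real secret from user-secrets or a vault, not appsettings.json.
                options.ClientSecret = "<client secret>";

                // Authorization code flow; ADFS 2019 supports it, and it keeps tokens off the front channel.
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.CallbackPath = "/signin-oidc";
                options.SaveTokens = false;

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // ADFS id_tokens carry iss = https://<adfs>/adfs. Validate it; turning
                    // ValidateIssuer off means any IdP whose key you trust could sign you in.
                    ValidateIssuer = true,
                    ValidIssuer = AdfsHost + "/adfs",
                    ValidateAudience = true,
                    ValidAudience = OidcClientId,
                    // ADFS puts the user's UPN in unique_name; use it as the principal's Name claim.
                    NameClaimType = "unique_name"
                };
            });
    }
}
```

Usage note: call `AdfsAuthenticationSetup.AddAdfsAuthentication(services)` from `ConfigureServices` and keep `app.UseAuthentication()` before `app.UseAuthorization()` in `Configure`. If the browser is sent to a Microsoft login page instead of your ADFS server, compare the Authority/MetadataAddress the running application actually resolved (the server log AspNet Zero writes under App_Data/Logs/Logs.txt, as the support answer above says, is the place to look) against the ADFS host; a value still pointing at an Azure AD or login.microsoftonline.com authority produces exactly that symptom.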