Instruction for on-premises ADFS WsFederation or Open ID #9554

mfainc created 3 years ago

I am using Core+Angular v9.1.0 and trying to connect it to our on-premises ADFS. ADFS is running on a 2019 server. I can directly sign-on from page: https://my adfs/adfs/ls/idpinitiatedsignon, but I am not sure how to configure AspNetZero to connect to it. Do you have a step-by-step instruction about it?

My appsettings.json

"OpenId": {
  "IsEnabled": "true",
  "ClientId": "my client id",
  "Authority": "https://localhost:44301/",
  "LoginUrl": "https://my adfs/adfs/ls/idpinitiatedsignon", ? Not sure if this is correct
  "ValidateIssuer": "false",
  "ClaimsMapping": [
    {
      "claim": "unique_name",
      "key": "preferred_username"
    }
  ]
},
"WsFederation": {
  "IsEnabled": "true",
  "Authority": "https://localhost:44301/",
  "ClientId": "", ? I don't get these option when setting up a relying party trust
  "Tenant": "", ?
  "MetaDataAddress": "https://my adfs /FederationMetadata/2007-06/FederationMetadata.xml"
},

Any help would be great.

Thanks

5 Answer(s)

0

ismcagdas created 3 years ago
Support Team

Hi,

AspNet Zero uses ASP.NET Core's integrations, so you can follow Microsoft's documentation, see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/ws-federation?view=aspnetcore-3.1.

Please let us know if you face any problem.
0

mfainc created 3 years ago

Thank you for the microsoft documentation. I understand how to setup a relying party trust. My config "WsFederation": { "IsEnabled": "true", "Authority": "https://localhost:44301/", "ClientId": "", ? on-premises ADFS does not supply this "Tenant": "", ? on-premises ADFS does not supply this "MetaDataAddress": "https://my adfs /FederationMetadata/2007-06/FederationMetadata.xml" }, Do I need to supply values for ClientId and Tenant using WsFederation. Being that I am using on-premises ADFS when I am adding a Relying Party Trust it does not supply these values
0

ismcagdas created 3 years ago
Support Team

Hi @mfainc,

You can leavel Tenant empty. I'm not sure about ClientId since I don't know much about Relying Party Trust. You can try it and if you face a problem, share it with us.

If you face a problem, probably there will be an error log in the server side log file (App_Data/Logs/Logs.txt).
0

mfainc created 3 years ago

Is there any example of setting the solution up to use an on-premises ADFS? It is redirecting me to Microsoft to log in not my ADFS server.
0

ismcagdas created 3 years ago
Support Team

Hi,

Unfortulately, we don't have such a sample. Could you share your configuration with [email protected] ? We can take a look at it for you.

Have an answer to this question? Log in and write your answer.