I am completely new to ADFS. I need to access the ADFS server through node.js. I am searching for good reference notes, with implementation. Please also suggest which protocol is best for requesting. Video tutorials are also helpful.
3 Answers
I assume what you want is to authenticate users in AD (via ADFS), for your nodejs based web app. I'd recommend looking first at passport.js.
ADFS supports 2 protocols for web sites: WS-Federation or SAML-P. WS-Fed might be simpler. We open sourced the strategy for WS-Fed and SAML that we use in our product. A strategy is essentially a plug-in for passport.
That strategy should give you a good start.

- 10000000 thanks! This is exactly what I am looking for. Now I am working on passportjs. But for the gem "passport-wsfed-saml2", is there any documentation or examples? It's tough for me to understand certain terms like "realm", "homerealm" and "cert" as mentioned in the code. (I know that I am asking to be spoon-fed, but I am hungry to get knowledge on ADFS stuff.) – God May 22 '13 at 05:39
- There's quite a bit to digest if you really want to know how things work under the hood. I'd suggest the "claims guide" as a good start: http://msdn.microsoft.com/en-us/library/ff423674.aspx, the first couple chapters cover the basic architecture. Bear in mind that ADFS implements a subset of what's possible (for example it doesn't implement all the protocols). – Eugenio Pace May 22 '13 at 15:26
- (Upvoted. This guy lives auth. Check out [Auth0](http://www.auth0.com/)) @EugenioPace Do you have any thoughts on ADFS 3.0/2016 and OAuth2 and OpenID Connect? – TylerY86 Sep 29 '16 at 16:51
- Or [Azure's own Passport.js implementation](https://github.com/AzureAD/passport-azure-ad)? – TylerY86 Sep 29 '16 at 16:57
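The terms asked about in the comments map onto the WS-Federation passive sign-in request as follows. This is an added example, not code from the answer or from passport-wsfed-saml2, and it uses only Node.js built-ins to show what a strategy does with `realm`, `homeRealm` and `cert` (the identity provider's token-signing certificate). The host names, realm, reply URL, the `config` object and all function names are assumptions made for illustration.

```javascript
// Added example: WS-Federation passive sign-in for ADFS, Node.js built-ins only.
// Host names, realm and reply URL are constructed placeholders, not real values.
const crypto = require('node:crypto');

const config = {
  identityProviderUrl: 'https://adfs.example.com/adfs/ls/', // ADFS passive endpoint
  realm: 'urn:node:app',   // relying-party identifier registered in ADFS
  homeRealm: '',           // optional: pre-select the user's home identity provider
  replyUrl: 'https://app.example.com/login/callback',
};

// Build the browser redirect that starts the passive flow.
function buildSignInUrl(cfg, state) {
  const url = new URL(cfg.identityProviderUrl);
  if (url.protocol !== 'https:') throw new Error('identityProviderUrl must use https');
  url.searchParams.set('wa', 'wsignin1.0');     // action: sign in
  url.searchParams.set('wtrealm', cfg.realm);   // "realm": which application wants a token
  url.searchParams.set('wreply', cfg.replyUrl); // requested return URL for the token
  url.searchParams.set('wctx', state);          // opaque context echoed back in the response
  if (cfg.homeRealm) url.searchParams.set('whr', cfg.homeRealm); // "homeRealm"
  return url.toString();
}

// Check the posted form fields before the token itself is parsed.
// Using wctx as per-session state is a choice made by this example.
function checkCallback(body, expectedState) {
  if (body.wa !== 'wsignin1.0') return 'unexpected wa';
  if (typeof body.wresult !== 'string' || body.wresult.length === 0) return 'missing wresult';
  if (body.wctx !== expectedState) return 'state mismatch';
  return null; // fields are well-formed; token signature validation comes next
}

// "cert": SHA-1 over the certificate's DER bytes, the thumbprint Windows displays.
function certThumbprint(pemOrBase64) {
  const b64 = pemOrBase64.replace(/-----(BEGIN|END) CERTIFICATE-----/g, '').replace(/\s+/g, '');
  return crypto.createHash('sha1').update(Buffer.from(b64, 'base64')).digest('hex').toUpperCase();
}

// Accept a token's signing certificate only if it matches the pinned thumbprint.
function isPinnedCert(presentedCert, pinnedThumbprint) {
  const a = Buffer.from(certThumbprint(presentedCert));
  const b = Buffer.from(pinnedThumbprint.replace(/[\s:]/g, '').toUpperCase());
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

Matching the thumbprint only identifies which certificate signed the token; the XML signature on the token still has to be verified with that certificate by the strategy or an XML signature library.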
You could use Passport.js with OAuth support or Kong with OAuth support.
You could go the ADFS 2016 OpenID Connect route for ease of implementation (passport.js, only a feature request for Kong).
If you're going the Azure route, there's one (passport-azure-ad by the Windows Azure team) specifically for that.
It includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization.
Otherwise, versions disallowing etc., I recommend Eugenio Pace's answer.

Then check this; it is a complete solution (not a video tutorial):
Using Active Directory Federation Services to Authenticate / Authorize Node.js Apps in Windows Azure
Pretty fresh tutorial (2013/04/22).

- I would not recommend this approach. This is issuing a WS-Trust Request Security Token directly to ADFS as opposed to using the "passive" profile. – Eugenio Pace May 20 '13 at 14:41