
I want to set up an identity server to centralize the authentication for multiple backend APIs (ASP.NET Web API mostly) and multiple clients (Web SPA, Xamarin Mobile and WPF PC-client). I preferably want to present the clients with a single OAuth2 token endpoint, where they can send the users' credentials, together with the client_id and client_secret (plus realm etc.) and get back a token (and refresh token) to use as a bearer token when talking to the HTTP APIs.

The somewhat tricky part is I want the identity server to use ADFS to authenticate the identity against the user's Active Directory account.

I've looked at Thinktecture IdentityServer v3, but I can't seem to find a way to allow the workflow of just using an HTTP POST to a token endpoint. The way it seems to work to me is to redirect the user to the authorize endpoint, which would require a webview in the non-web clients. Is there a way to achieve this without requiring a webview, just using an HTTP API?

Any links to examples of this, or possible other solutions will be greatly appreciated.

1 Answer


From the Thinktecture IdentityServer3 issue tracker on GitHub I found this answer from one of the creators, Dominick Baier:

We only support ADFS as an identity provider - via the browser login window. Is that what you want? Or are you looking for a programmatic way to authenticate the user?

If yes - we don't support that out of the box anymore - but it can be implemented using a custom grant. The samples repo has a basic example of custom grant implementation.

https://github.com/IdentityServer/Thinktecture.IdentityServer3/issues/618

That answered the question for me. It's not possible to authenticate programmatically against ADFS with IdentityServer v3 out of the box.
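As an added illustration (not code from this page, from the IdentityServer3 samples repo, or from Dominick Baier), here is what the custom grant mentioned above can look like: the client POSTs the user's credentials to the token endpoint, and the validator checks them directly against the domain with System.DirectoryServices.AccountManagement, which is plain AD, not ADFS. The grant type name "ad_password", the class name and the domain placeholder are assumptions, and the IdentityServer3 types are used as found in the 2.x API.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core.Validation;

// Custom grant "ad_password" (assumed name): the client sends
// grant_type=ad_password&username=...&password=... plus its own client_id /
// client_secret to the token endpoint. Because the raw AD password passes
// through the token endpoint, only confidential clients over TLS should be
// allowed this grant type (Flow = Flows.Custom, AllowedCustomGrantTypes).
public class AdPasswordGrantValidator : ICustomGrantValidator
{
    private readonly string _domain; // placeholder, e.g. "corp.example"

    public AdPasswordGrantValidator(string domain) { _domain = domain; }

    public string GrantType { get { return "ad_password"; } }

    public Task<CustomGrantValidationResult> ValidateAsync(ValidatedTokenRequest request)
    {
        var username = request.Raw.Get("username");
        var password = request.Raw.Get("password");
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
        {
            // Same generic error for every failure so the endpoint does not
            // reveal whether an account exists or which part was wrong.
            return Task.FromResult(new CustomGrantValidationResult("invalid_grant"));
        }

        bool valid;
        using (var ctx = new PrincipalContext(ContextType.Domain, _domain))
        {
            // Validates the credentials against the domain controller (AD, not ADFS).
            valid = ctx.ValidateCredentials(username, password);
        }
        if (!valid)
        {
            return Task.FromResult(new CustomGrantValidationResult("invalid_grant"));
        }

        // Subject here is the account name for brevity; a stable identifier
        // such as the account's SID is preferable so renames do not change identity.
        var claims = new List<Claim> { new Claim("name", username) };
        return Task.FromResult(new CustomGrantValidationResult(username, "password", claims));
    }
}

// Registration (assumed placement): factory.CustomGrantValidators.Add(
//   new Registration<ICustomGrantValidator>(r => new AdPasswordGrantValidator("corp.example")));
```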