
I am working on a project where we are authenticating all REST API requests from the UI or anywhere else using ADFS STS tokens. There are some direct calls from the UI with an ADFS STS token in the header for authentication/authorization, and there are some external third-party calls, not from the UI, that also use ADFS STS tokens in the header. Now we are planning to migrate partially to Azure AD tokens, after which there may still be some applications that keep using ADFS STS tokens, so there can be a situation where an external application that is unaware of the migration to Azure still calls an internal application using an ADFS STS token, and we are supposed to be compatible with it. Similarly, there can be a situation where an internal application that has been migrated to Azure AD tokens internally calls one of the legacy applications which has still not been migrated to Azure AD and won't be in future either.

I have two challenges now:

  1. How do I support the above design so that, even if an Azure token is used, the API is still able to call an external service (working on ADFS) by creating an ADFS token from within the code and setting it in the headers?
  2. The headers in an HTTP request seem to be unmodifiable data; when I tried to modify them within a RequestTemplate in request interceptor code, it failed saying "unmodifiable map".

How do I handle this? Can someone please help?

Unfortunately I cannot share code due to internal restrictions.

errorx
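An added example, not code from the question or the answer, of how the second challenge is usually handled in Spring Cloud OpenFeign, with the first challenge handled in the simplest form AD FS supports out of the box. `RequestTemplate.headers()` returns an unmodifiable view, so writing into that map throws; headers are changed through `header(...)` and `removeHeader(...)` instead. The token is obtained from the AD FS OAuth 2.0 client credentials endpoint (`/adfs/oauth2/token`, available on AD FS 2016 and later) and cached until shortly before it expires. The host name, client id, secret, the `resource` identifier of the legacy API and the use of Jackson for JSON parsing are all assumptions for the example:

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import feign.RequestInterceptor;
import feign.RequestTemplate;

import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.stream.Collectors;

/**
 * Feign interceptor that attaches an AD FS-issued bearer token to every
 * outbound call made through a Feign client bound to a legacy service that
 * still validates AD FS tokens.
 *
 * Assumptions (hypothetical, not from the original post):
 *  - AD FS 2016+ with an OAuth 2.0 application group, so the client
 *    credentials grant is served at https://<adfs-host>/adfs/oauth2/token.
 *  - The legacy API's identifier ("resource") is registered in that group.
 *  - Jackson is on the classpath (it is with Spring Boot).
 */
public class AdfsTokenInterceptor implements RequestInterceptor {

    private static final long REFRESH_MARGIN_SECONDS = 60;

    private final String tokenEndpoint;   // e.g. https://adfs.example.com/adfs/oauth2/token (assumed)
    private final String clientId;        // client id from the AD FS application group (assumed)
    private final String clientSecret;    // matching client secret (assumed)
    private final String resource;        // identifier of the legacy API as registered in AD FS (assumed)
    private final HttpClient http = HttpClient.newBuilder()
            .connectTimeout(Duration.ofSeconds(5)).build();
    private final ObjectMapper json = new ObjectMapper();

    // Cached token, refreshed shortly before expiry so a busy service does
    // not round-trip to the STS on every call.
    private volatile String cachedToken;
    private volatile Instant cachedExpiry = Instant.EPOCH;

    public AdfsTokenInterceptor(String tokenEndpoint, String clientId,
                                String clientSecret, String resource) {
        this.tokenEndpoint = tokenEndpoint;
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.resource = resource;
    }

    @Override
    public void apply(RequestTemplate template) {
        // template.headers() is an unmodifiable view, so never put() into it.
        // Drop whatever Authorization header the caller set (for example an
        // Azure AD token copied from the inbound request) and replace it.
        template.removeHeader("Authorization");
        template.header("Authorization", "Bearer " + currentToken());
    }

    private String currentToken() {
        if (isFresh()) {
            return cachedToken;
        }
        synchronized (this) {
            if (!isFresh()) {
                fetchToken();
            }
            return cachedToken;
        }
    }

    private boolean isFresh() {
        return cachedToken != null
                && Instant.now().isBefore(cachedExpiry.minusSeconds(REFRESH_MARGIN_SECONDS));
    }

    private void fetchToken() {
        // AD FS client credentials grant; "resource" selects the relying party
        // (the legacy API) the token is issued for.
        Map<String, String> form = Map.of(
                "grant_type", "client_credentials",
                "client_id", clientId,
                "client_secret", clientSecret,
                "resource", resource);
        String body = form.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
        HttpRequest request = HttpRequest.newBuilder(URI.create(tokenEndpoint))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        try {
            HttpResponse<String> response = http.send(request, HttpResponse.BodyHandlers.ofString());
            if (response.statusCode() != 200) {
                throw new IllegalStateException("AD FS token request failed: HTTP " + response.statusCode());
            }
            JsonNode node = json.readTree(response.body());
            cachedToken = node.get("access_token").asText();
            cachedExpiry = Instant.now().plusSeconds(node.path("expires_in").asLong(300));
        } catch (IOException e) {
            throw new IllegalStateException("Could not obtain AD FS token", e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new IllegalStateException("Interrupted while obtaining AD FS token", e);
        }
    }
}
```

Register the interceptor as a bean only in the configuration of the Feign client that targets the legacy service, so that Feign clients for migrated services keep sending the Azure AD token. Note what this token does and does not carry: a client credentials grant identifies the calling application, not the end user who presented the Azure AD token. AD FS does not by itself exchange an Azure AD-issued token for an AD FS token, so if the legacy service needs the user identity it has to be conveyed separately and the legacy service has to decide whether it trusts the caller to assert it.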

1 Answer


Please check whether the references below give you some ideas for your case.

According to Mix ADFS and Azure AD for authentication (Microsoft Q&A):

If you have O365 federated with ADFS and you federate an application with Azure AD, the authentication flow would be:

  1. User accesses the application which is federated to Azure AD.
  2. Application will redirect to Azure AD authentication endpoint (https://login.microsoftonline.com) for authentication.
  3. User will be prompted for credentials.
  4. Based on the UPN suffix (If the domain is federated with ADFS), user will be redirected to ADFS.
  5. ADFS will authenticate the user and issue a WS-Fed token to Azure AD.
  6. Azure AD will receive the token and issue a SAML token to the application.
  7. User will finally get access to application.

References:

  1. Configure AD FS 2016 and Azure MFA | Microsoft Docs
  2. Azure AD Connect - Manage AD FS trust with Azure AD using Azure AD Connect | Microsoft Docs
  3. Federating ADFS with Azure Active Directory (techdirectarchive.com) and Solution Zone
kavyaS