Angular 6 and ADAL


  • Hi

    I'm using the following ADAL for Angular library: **adal-angular4**

    I have an Angular 6 based app with the ADAL library for my on-prem ADFS; login works and I am able to get a token. But I want to get back custom claims like email address, first name, last name. So as per the ADFS 2016 doc I need to have a resource parameter. So here is my config object:

    config: {
      instance: 'myadfsserver https link',
      tenant: 'adfs',
      clientId: 'my_client_id',
      resource: 'myresource/',
      redirectUri: window.location.origin,
      //extraQueryParameter: 'resource=myresource/',
      extraQueryParameter: 'use_windows_client_authentication=true',
      postLogoutRedirectUri: 'myurl',

      endpoints: {
        'myadfsserver https link  ': '00000000-0000-0000-0000-000000000000'
      }
    }


    So:

    - when I click login in my app, the URL constructed doesn't have ?resource=myresource
    - upon logout it's not redirecting to my configured postLogoutRedirectUri
    - when I uncomment the extraQueryParameter line, &resource=myresource shows up but the JWT token doesn't have my custom claims :(

    Is there any other way to get custom claims?


    ** From my ADFS setup we have configured email address, first name, last name in pass-through claims

    • Moved by YASWANTHM-MSFT (Microsoft employee), Thursday, September 6, 2018 2:46 PM. Moving the thread from Azure AAD for better exposure and guidance from the right experts.
    Tuesday, September 4, 2018 2:38 PM

All replies

  • Could you share the document which you are following and elaborate your scenario with more information? Also, could you share the error code with the screenshot?
    Tuesday, September 4, 2018 8:37 PM
  • OK, my logout issue is fixed. I found the solution from

    So the only thing remaining is claims. My ADFS admin has set up the server application and web API following

    Plus we have configured the following claims along with first name, last name and email address. In the screenshot I did not show email address, first name and last name.

    On permitted scopes we have the following + email and allatclaims.

    But my id_token doesn't have any extra values like first name, last name, email address etc. I also tried but no luck.

    As I'm pretty new to this, if someone could guide me on how to test it manually first via Postman, that would rule out ADFS setup issues (I guess).

    About the scenario: Angular 6 UI app --> ADFS 2016 --> get id_token with email address, first name, last name (maybe groups). There is no error, as login works, and the generated token doesn't have the additional values which I'm looking for.

    Let me know what more information I can provide.

    Tuesday, September 4, 2018 11:40 PM
  • Oh, and I can't share any screenshots as my account isn't verified :) Now you can surely say I'm new to this, lol
    Tuesday, September 4, 2018 11:41 PM
  • If you are not allowed to post images, you may verify your account here:


    Wednesday, September 5, 2018 11:10 AM
  • Let me see if I can attach some screenshots.

    From scopes I have enabled, including those highlighted here.

    Wednesday, September 5, 2018 1:14 PM
  • For some reason I still can't paste screenshots. Please let me know what more information I should provide.
    Wednesday, September 5, 2018 5:59 PM
  • As I still can't share screen shares, will command-line output help?

    Here is the output of

    Get-AdfsServerApplication -Application testoauth

    ADUserPrincipalName                  :
    ClientSecret                         : ********
    JWTSigningCertificateRevocationCheck : None
    JWTSigningKeys                       : {}
    JWKSUri                              :
    Name                                 : testauth - Server application
    Identifier                           : *****************
    ApplicationGroupIdentifier           : testauth
    Description                          :
    Enabled                              : True
    RedirectUri                          : {https://localhost:8443/login}

    Give me some time to get the Get-AdfsWebApiApplication output. So once again, just reminding that my issue is that the id_token doesn't have additional values like first name, last name, email address etc. Or if I can mail you a screenshot in a Word document, let me know.

    Wednesday, September 5, 2018 7:00 PM

    Monday, September 10, 2018 7:36 PM
  • Really sorry for the late reply. I tried this and it still doesn't work :( Do you have some time to do a screen share with me? I don't care about timezone :)
    Friday, December 7, 2018 3:12 AM
  • Roy

    Also, one more thing. My ADFS is on-prem. In your example I'm seeing you are accessing ADFS from Azure. Does that make any difference?

    FYI "We have a more current cumulative update KB4103720 from 5/8/18 installed on the ADFS servers"


    Friday, December 7, 2018 3:50 PM
  • So if I use form_post, my Angular app gives the error "can not post to /". Is there no one who has got custom claims using ADFS OAuth and Angular?
    Thursday, December 13, 2018 4:14 PM
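
For the manual check asked about earlier in the thread, this added example (not part of any post here, and not ADAL or ADFS code) decodes an id_token and lists which wanted claims are present or missing. The claim names `email`, `given_name`, `family_name`, the issuer URL and the sample token are assumptions constructed for illustration.

```javascript
// Added example: inspect which claims an id_token actually carries.
// Diagnostic only: the signature is NOT verified here, so never use this
// result to make an authentication or authorization decision.

// Decode one base64url-encoded JWT segment into a parsed JSON object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, 'base64').toString('utf8'));
}

// Report which of the wanted claims are present or missing in a compact JWT.
function inspectClaims(jwt, wantedClaims) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT: expected 3 dot-separated segments');
  }
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  const has = (c) => Object.prototype.hasOwnProperty.call(payload, c);
  return {
    alg: header.alg,
    aud: payload.aud,
    present: wantedClaims.filter(has),
    missing: wantedClaims.filter((c) => !has(c)),
  };
}

// Helper used only to build the constructed sample token below.
function encodeSegment(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Constructed sample (not real ADFS output): a token with no name/email claims.
const sampleToken = [
  encodeSegment({ typ: 'JWT', alg: 'RS256' }),
  encodeSegment({ aud: 'my_client_id', iss: 'https://adfs.example.test/adfs',
                  upn: 'user@example.test', iat: 1536071880 }),
  'constructed-signature',
].join('.');

// Assumed claim names; replace with the names your issuance rules emit.
const WANTED = ['email', 'given_name', 'family_name'];
const report = inspectClaims(sampleToken, WANTED);
console.log('audience:', report.aud);
console.log('present :', report.present);
console.log('missing :', report.missing);
```

Running the same function on a token copied from the browser and on one obtained by a manual request shows whether the claims are missing at issuance or lost in the client.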