ADFS 4.0 get group or role claims in ID-Token

  • Question

  • Hi,

    I'm working to deploy ADFS 4 as an IDP for our web apps, but I'm not able to get group or role claims in the ID token. We are using OpenID Connect.

    Is there a way to get these claims, or is it not possible, so that we have to change the IDP?

    We decided to use ADFS 4 and ADAL so we can use OAuth and OpenID Connect, but I'm not sure if we can get all the claims needed for our setup.

    Thanks


    Lourh

    Monday, December 4, 2017 3:34 PM

Answers

  • I'm able to get the role claim in the ID token based on group membership:

    I followed https://medium.com/tech-feed/adding-claims-to-the-default-jwt-id-token-in-adfs-4-0-server-2016-b2b3cd96afd2

    To do this:

    • I have to create the Web API in the same group as the application
    • The Web API must have the same Client ID as the application
    • The permissions openid and allatclaims
    • Transform rules if you have to transform claims for specific needs

    Thanks


    Lourh

    • Marked as answer by Lourh Monday, December 4, 2017 4:36 PM
    Monday, December 4, 2017 4:36 PM
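The configuration the accepted answer describes (Web API in the same application group, same identifier as the client ID, openid plus allatclaims, a transform rule), as an added PowerShell example that is not from the thread or the linked article; the group name, client ID, redirect URI and AD group SID are constructed placeholders, and Get-JwtPayload is a helper added here to inspect the resulting token.

```powershell
# Added example, not from the thread: configure an ADFS 2016 application group so the
# id_token carries a "role" claim derived from AD group membership.
Import-Module ADFS

$groupName = 'MyWebApp'                                 # assumption: application group name
$clientId  = '2c4f0a1e-0000-4000-8000-000000000001'     # constructed client ID (GUID)
$redirect  = 'https://webapp.example.com/signin-oidc'   # constructed redirect URI
$adminSid  = 'S-1-5-21-PLACEHOLDER-1234'                # placeholder: real AD group SID goes here

# 1. One application group holding both the client and the Web API
New-AdfsApplicationGroup -Name $groupName

# 2. The OpenID Connect client (the "application" in the answer)
Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Client" -Identifier $clientId -RedirectUri $redirect

# 3. Issuance transform rule: members of one AD group (matched by SID, not by
#    display name, so a renamed group cannot change who gets the role) get role=Admin
$rules = @"
@RuleName = "Map app admins group to role"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$adminSid", Issuer == "AD AUTHORITY"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "Admin", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, ValueType = c.ValueType);
"@

# 4. Web API in the SAME group with the SAME identifier as the client ID: this is the
#    step that makes ADFS put the Web API's issued claims into the id_token
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - WebAPI" -Identifier $clientId -IssuanceTransformRules $rules

# 5. Permissions: openid for the id_token itself, allatclaims so the transform rule
#    output is included rather than only the default JWT claims
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $clientId -ScopeNames 'openid', 'allatclaims'

# Check: decode the id_token payload to confirm the claim is there. This only reads the
# claims; it does NOT validate the signature, so never use it in place of real validation.
function Get-JwtPayload([string]$Jwt) {
    $part = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($part.Length % 4) { 2 { $part += '==' } 3 { $part += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($part)) | ConvertFrom-Json
}
# (Get-JwtPayload $idToken).role   # expect "Admin" for a member of the mapped group
```

If the role claim is still missing, compare the Web API identifier against the client_id in the token request first; a mismatch there is the usual cause.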

All replies

  • https://medium.com/the-new-control-plane/the-mystery-of-the-missing-adfs-jwt-claims-7658d9cdeaac

    Monday, September 10, 2018 8:05 PM