This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

ADFS 4.0 get group or role claims in ID-Token

Question
0

Sign in to vote

Hi,

I'm working to deploy ADFS 4 as an IDP for our Web Apps, but i'm not able to get group or role in ID-Token . We are using openid connect.

Is there a way to get these claims, or it's not possible and we have to change the IDP.

We decided to use ADFS 4 and ADAL so we can use Oauth and OpenID connect but i m not sure if we can get all claims needed for our setup.

Thanks

Lourh

Monday, December 4, 2017 3:34 PM

Answers

0

Sign in to vote
I'm able to get role claim in ID-Token based on a groupmembership:

I followed https://medium.com/tech-feed/adding-claims-to-the-default-jwt-id-token-in-adfs-4-0-server-2016-b2b3cd96afd2

To do this :

i have to create the WebAPI in the same group as the application
The WebAPI must have the same Client ID as the appilcation
The permission openid and allatclaims
transform rules if you have to transfrom claims for specific needs

Thanks

Lourh
- Marked as answer by Lourh Monday, December 4, 2017 4:36 PM
Monday, December 4, 2017 4:36 PM

All replies

0

Sign in to vote
I'm able to get role claim in ID-Token based on a groupmembership:

I followed https://medium.com/tech-feed/adding-claims-to-the-default-jwt-id-token-in-adfs-4-0-server-2016-b2b3cd96afd2

To do this :

i have to create the WebAPI in the same group as the application
The WebAPI must have the same Client ID as the appilcation
The permission openid and allatclaims
transform rules if you have to transfrom claims for specific needs

Thanks

Lourh
- Marked as answer by Lourh Monday, December 4, 2017 4:36 PM
Monday, December 4, 2017 4:36 PM
0

Sign in to vote

https://medium.com/the-new-control-plane/the-mystery-of-the-missing-adfs-jwt-claims-7658d9cdeaac

Monday, September 10, 2018 8:05 PM