Is PKCE and service role mapping available in ADFS 2016?

  • Question

  • We're planning some new internal service auth integration models and are wondering whether we should look at the ADFS 2016 feature set. We would especially want PKCE, and then some way to manage AD group membership mappings to higher-level "service roles" so that we would not need to pass all AD groups to all apps.

    PKCE is nice to have, but the AD group -> service role mappings are mandatory.

    e.g. AD group "XXXX", where "XXXX" is a service role. The service role information is then returned as part of the user claims, e.g. in the id_token or from the UserInfo endpoint,

    so that the connecting clients would not need to make their own "role" mappings based on raw AD group names, and we can even hide the AD groups from apps and have a central place in which to control this configuration.

    Br,

    Sebastian


    Tuesday, January 15, 2019 6:14 PM
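The central group-to-role mapping asked for above can be expressed directly in ADFS claim issuance rules. The following is an added example, not part of the original post: group claims are pulled into the pipeline with `add` (so they are never emitted to the app), and only a `role` claim for the matched group is issued. The group name "APP-Orders-Admins", the role value "orders.admin" and the relying party name "orders-api" are placeholders.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the ADFS 2016 server. Group name, role value and RP name are
# placeholders; replace them with your own.

$rules = @'
@RuleName = "Load AD groups into the pipeline (not issued to the app)"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory", types = ("http://schemas.xmlsoap.org/claims/Group"), query = ";tokenGroups;{0}", param = c.Value);

@RuleName = "Map AD group APP-Orders-Admins to service role orders.admin"
c:[Type == "http://schemas.xmlsoap.org/claims/Group", Value == "APP-Orders-Admins"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", Value = "orders.admin");
'@

# Replace the relying party's issuance transform rules with this set. Because
# the group claims were only added, not issued, the app receives the role claim
# and never sees the raw AD group names. Set-AdfsWebApiApplication accepts the
# same rule text for application-group Web APIs; check this against your build.
Set-AdfsRelyingPartyTrust -TargetName "orders-api" -IssuanceTransformRules $rules

# Review what is now configured for that relying party.
(Get-AdfsRelyingPartyTrust -Name "orders-api").IssuanceTransformRules
```

Each additional service role is one more `issue` rule on the same pattern; adding a "Send Group Membership as a Claim" pass-through rule would undo the hiding, so leave it out.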

All replies

  • OK, there's an article about PKCE - https://social.technet.microsoft.com/Forums/en-US/f273b92a-3932-4ac0-9dd9-89f475456a03/need-to-know-if-pkce-proof-key-for-code-exchange-is-suported-by-ad-fs-2016?forum=ADFS

    What about service role?

    Tuesday, January 15, 2019 6:18 PM