Spring Boot oauth2: How to set the resource parameter in the authorization request to make adfs happy?

spring-boot spring-security-oauth2 adfs3.0

1536 views

1 answer

I'm trying to set up a spring boot app that uses oauth2 with Active Directory Federation Services as the authentication provider. I started with the tutorial here...

https://spring.io/guides/tutorials/spring-boot-oauth2/

... and got the Facebook example to work. Then, I started adapting it to work with ADFS. It is close to working, but ADFS expects a resource parameter to be passed with the authorization request and I can't figure out how to set it. Here's what I've got so far in the config...

security:
    oauth2:
        client:
            clientId: spring-boot-test-client
            userAuthorizationUri: https://domain/adfs/oauth2/authorize
            access-token-uri: https://domain/adfs/oauth2/token
            tokenName: code
            authenticationScheme: query
            clientAuthenticationScheme: form
            grant-type: authorization_code

When I click the login link, it redirects to https://domain/adfs/oauth2/authorize?client_id=spring-boot-test-client&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ

I've tried setting the security:oauth2:client:id, the security:oauth2:client:resourceids and the security:oauth2:resource:id, but none of those seemed to affect the first redirect. Any idea what I should set to get the resource included in that first redirect?

Author: user174379 Source Posted: 08.11.2019 11:31

Answers (1)


3 upvotes

Answering my own question here... It may be a hack, but I just appended the resource to the userAuthorizationUri:

security:
    oauth2:
        client:
            clientId: spring-boot-test-client
            userAuthorizationUri: https://domain/adfs/oauth2/authorize?resource=RelyingPartyTrustIdentifier
            access-token-uri: https://domain/adfs/oauth2/token
            tokenName: code
            authenticationScheme: query
            clientAuthenticationScheme: form
            grant-type: authorization_code

Now, I'm getting the login form.

Author: user174379 Posted: 25.08.2016 10:09
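
A way to check the first redirect after this change, as an added example that is not part of the original question or answer: it parses an authorization redirect URL and reports whether the resource parameter is present exactly once alongside the parameters seen in the question's redirect. The function names are hypothetical, and the "after" URL is constructed from the values on this page.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Parameters present in the question's redirect, plus the one ADFS expects.
REQUIRED = ("client_id", "redirect_uri", "response_type", "state", "resource")


def authorization_uri_with_resource(base_uri, resource):
    """Build the userAuthorizationUri value, percent-encoding the resource.

    Relying party identifiers are often URIs themselves, so the value must be
    encoded before it is placed in the query string.
    """
    separator = "&" if urlsplit(base_uri).query else "?"
    return base_uri + separator + urlencode({"resource": resource})


def check_authorize_redirect(url, expected_resource):
    """Return a list of problems found in an authorization redirect URL."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append("authorization endpoint is not https")
    for name in REQUIRED:
        values = params.get(name, [])
        if not values or values == [""]:
            problems.append("missing parameter: " + name)
        elif len(values) > 1:
            # e.g. resource appended to the URI and also added elsewhere
            problems.append("duplicate parameter: " + name)
    resource = params.get("resource", [])
    if len(resource) == 1 and resource[0] not in ("", expected_resource):
        problems.append("unexpected resource: " + resource[0])
    return problems


# Redirect quoted in the question (no resource parameter).
BEFORE = ("https://domain/adfs/oauth2/authorize?client_id=spring-boot-test-client"
          "&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ")
# Constructed: the same request built on the answer's userAuthorizationUri.
AFTER = (authorization_uri_with_resource(
    "https://domain/adfs/oauth2/authorize", "RelyingPartyTrustIdentifier")
    + "&client_id=spring-boot-test-client"
    "&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ")

if __name__ == "__main__":
    for label, url in (("before", BEFORE), ("after", AFTER)):
        print(label, check_authorize_redirect(url, "RelyingPartyTrustIdentifier"))
```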