Configuring ADFS and LDAP for OAuth
Follow these procedures to configure Active Directory Federation Services (ADFS) and LDAP as an OAuth authentication option for CT-VL.
Export Certificate
Below are the steps to export the ADFS token-signing certificate for CT-VL (the certificate whose private key signs the tokens ADFS issues; CT-VL uses the public certificate to check token signatures):
Open Server Manager.
Click Tools and select ADFS Management.
Click Certificates.
Double-click on Token-signing certificate.
In the certificate window, select Details tab.
Click Copy to File...
Click Next.
Select Base64 format and click Next.
Enter a file name, click Next, and then click Finish.
Add an Application Group
Below are the steps to add an application group:
Open Server Manager.
Click Tools and select ADFS Management.
Right-click Application Groups and select Add Application Group... to start the wizard.
Enter a name and select the template Native application accessing a web API. Click Next.
Copy the generated Client Identifier and keep it for later use; it is the client_id that CT-VL and the test below send to ADFS.
Enter your CT-VL login URL (https://…/login, with the host name of your CT-VL instance) in the Redirect URI field and click Add. Click Next.
Enter the same CT-VL URL as in the previous step in the Identifier field of the Web API and click Add. This identifier is also the value that must be sent as the resource parameter when a token is requested.
Click Next.
Use default (Permit everyone) and click Next.
Click Next on the review page.
Click Close.
Add Properties to a New Group
Below are the steps to add properties to a new group:
Double-click on the desired new group.
Select the group's Web API entry (named "<group name> - Web API") and click Edit.
Select the Issuance Transform Rules tab and click Add Rule...
Select Claim rule template: Send LDAP Attributes as Claims.
Click Next.
Enter a rule name.
Add the following mappings (LDAP Attribute : Outgoing Claim Type):
Token-Groups - Unqualified Names : Group
User-Principal-Name : UPN
SAM-Account-Name : Name
Surname : Surname
Given-Name : Given Name
Click Finish.
Click OK.
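The two wizard procedures above (Add an Application Group and Add Properties to a New Group) can also be done from the ADFS PowerShell module on the ADFS server. The script below is an added example and is not part of the CT-VL documentation; the CT-VL host name, group name and rule name are placeholders you must replace. The claim rule is the rule-language form that the "Send LDAP Attributes as Claims" template generates for the five mappings listed above.

```powershell
# Added example (not from the CT-VL documentation): create the CT-VL application
# group, native client, Web API and issuance transform rules with the ADFS
# PowerShell cmdlets instead of the wizard. Run in an elevated session on the
# ADFS server as an ADFS administrator.
Import-Module ADFS

$ctvlHost  = 'ctvl.example.com'            # assumption: your CT-VL host name
$ctvlUri   = "https://$ctvlHost/login"     # Redirect URI and Web API Identifier (same value)
$groupName = 'CT-VL'                       # assumption: application group name
$clientId  = [guid]::NewGuid().Guid        # Client Identifier (the wizard generates one for you)

# Issuance transform rule in ADFS claim rule language. This is what the
# "Send LDAP Attributes as Claims" template produces for:
#   Token-Groups - Unqualified Names -> Group, User-Principal-Name -> UPN,
#   SAM-Account-Name -> Name, Surname -> Surname, Given-Name -> Given Name
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "CT-VL LDAP claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/claims/Group",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
          query = ";tokenGroups,userPrincipalName,sAMAccountName,sn,givenName;{0}",
          param = c.Value);
'@

# 1. Application group (wizard step: Add Application Group)
New-AdfsApplicationGroup -Name $groupName -ApplicationGroupIdentifier $groupName `
    -Description 'CT-VL OAuth client'

# 2. Native application with the CT-VL login URL as Redirect URI
Add-AdfsNativeClientApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Native application" -Identifier $clientId -RedirectUri $ctvlUri

# 3. Web API with the same URL as Identifier, the claim rules from above and the
#    default "Permit everyone" access control policy (wizard default)
Add-AdfsWebApiApplication -ApplicationGroupIdentifier $groupName `
    -Name "$groupName - Web API" -Identifier $ctvlUri `
    -IssuanceTransformRules $rules -AccessControlPolicyName 'Permit everyone'

# 4. Allow the native client to request tokens for the Web API
Grant-AdfsApplicationPermission -ClientRoleIdentifier $clientId `
    -ServerRoleIdentifier $ctvlUri -ScopeNames 'openid'

"Client Identifier (client_id): $clientId"
"Web API Identifier (resource): $ctvlUri"
```

Keep the printed client_id and resource values: they are the two parameters the token request in the next section must carry, and the resource value must match the Web API Identifier byte for byte or ADFS refuses to issue a token.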
Test ADFS Authentication
To test ADFS authentication, request a token from the ADFS OAuth 2.0 token endpoint with the resource owner password grant:
curl -k -X POST https://<adfs server>/adfs/oauth2/token \
  -d 'grant_type=password&username=<user>&password=<password>&client_id=<client id>&resource=https%3A%2F%2Fmickeymouse'
Here client_id is the Client Identifier copied from the application group wizard, and resource is the URL-encoded Identifier entered for the Web API (https://mickeymouse in this example; use your CT-VL URL). The expected response is a JSON object containing the access token:
{"access_token":"eyJ0eXA ... mVSpzmW-FBDlg"}
Note that the password grant sends the user's password directly to ADFS and -k disables TLS certificate verification, so use this command only for testing against a lab ADFS server. An error such as invalid_client or invalid_request usually means the client_id or resource value does not match what was entered in the application group.
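The curl test only shows that ADFS issues a token. The script below, an added example that is not part of the CT-VL documentation, goes one step further: it requests the token the same way from PowerShell (prompting for the password instead of putting it on the command line) and then verifies the token's signature against the Base64 token-signing certificate exported in the first procedure and checks that the aud claim equals the resource. This catches a wrong certificate export or a mismatched resource value before CT-VL is configured. The ADFS server name, client id, resource and certificate path are placeholders.

```powershell
# Added example (not from the CT-VL documentation): request a token with the
# password grant and validate it against the exported token-signing certificate.
param(
    [string]$AdfsServer = 'adfs.example.com',                     # assumption
    [string]$ClientId   = '00000000-0000-0000-0000-000000000000', # assumption: Client Identifier from the wizard
    [string]$Resource   = 'https://ctvl.example.com/login',       # must equal the Web API Identifier
    [string]$CertPath   = 'C:\temp\adfs-token-signing.cer',       # assumption: file written by "Copy to File..."
    [string]$User       = 'DOMAIN\user'                           # assumption
)

# Prompt for the password so it does not end up in shell history or process lists.
$cred = Get-Credential -UserName $User -Message 'AD password for the ROPC test'
$body = @{
    grant_type = 'password'
    username   = $cred.UserName
    password   = $cred.GetNetworkCredential().Password
    client_id  = $ClientId
    resource   = $Resource   # Invoke-RestMethod form-encodes the hashtable, so no manual %-encoding
}
# No -SkipCertificateCheck: unlike curl -k, a TLS problem with the ADFS server should fail here.
$resp  = Invoke-RestMethod -Method Post -Uri "https://$AdfsServer/adfs/oauth2/token" -Body $body
$token = $resp.access_token

function ConvertFrom-Base64Url([string]$s) {
    # JWT segments are base64url without padding; convert to standard base64.
    $s = $s.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Convert]::FromBase64String($s)
}

$parts  = $token.Split('.')
if ($parts.Count -ne 3) { throw 'access_token is not a three-part JWT' }
$header = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
$claims = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
$sig    = ConvertFrom-Base64Url $parts[2]

if ($header.alg -ne 'RS256') { throw "Unexpected alg '$($header.alg)'; ADFS signs access tokens with RS256" }

# Signature check: RSASSA-PKCS1-v1_5 over SHA-256 of "<header>.<payload>" using the
# public key in the exported token-signing certificate (Base64 .cer loads directly).
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$rsa    = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$signed = [Text.Encoding]::ASCII.GetBytes("$($parts[0]).$($parts[1])")
$ok = $rsa.VerifyData($signed, $sig,
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
if (-not $ok) { throw 'Signature does not verify against the exported token-signing certificate (wrong certificate exported?)' }

# The audience must be the Web API Identifier, i.e. the resource sent in the request.
if ($claims.aud -ne $Resource) { throw "aud '$($claims.aud)' does not match resource '$Resource'" }

# Show the claims the issuance transform rules should have added
# (ADFS abbreviates the standard claim types in JWTs: upn, unique_name, family_name, given_name).
'Signature OK; claims:'
$claims | Format-List
```

If the signature check fails but the curl test succeeds, the most common cause is that a certificate other than the current Token-signing one was exported (for example the Service communications or Token-decrypting certificate); repeat the Export Certificate procedure and check the Primary token-signing entry.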