Skip to content

jmerriweather/ueberauth_adfs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits

config

config

 
 

lib

lib

 
 

test

test

 
 

.formatter.exs

.formatter.exs

 
 

.gitignore

.gitignore

 
 

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

mix.exs

mix.exs

 
 

mix.lock

mix.lock

 
 

Repository files navigation

Ueberauth ADFS

Installation

The package can be installed by adding ueberauth_adfs to your list of dependencies in mix.exs:

def deps do
  [
    {:ueberauth_adfs, "~> 0.3.0"}
  ]
end

Docs can be found at https://hexdocs.pm/ueberauth_adfs.

Setting up ADFS

In ADFS >=3.0 setup a new Client using Powershell:

Add-AdfsClient -Name "OAUTH2 Client" -ClientId "unique-custom-client-id" -RedirectUri "http://localhost:4000/auth/adfs/callback"
Add-ADFSRelyingPartyTrust -Name "OAUTH2 Client" -Identifier "http://localhost:4000/auth/adfs"
Set-AdfsRelyingPartyTrust -IssuanceAuthorizationRulesFile "TransformRules.txt"

In TransformRules.txt put the following:

@RuleTemplate = "LdapClaims"
@RuleName = "User Details"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "groups", "userPrincipalName"), query = ";sAMAccountName,givenName,sn,mail,tokenGroups,userPrincipalName;{0}", param = c.Value);

Configuring Application

Add adfs_url and client_id to your configuration:

config :ueberauth, Ueberauth.Strategy.ADFS.OAuth,
  adfs_url: System.get_env("ADFS_URL"),
  adfs_handler: MyApp.ADFSHandler, # Optional, ability to provide handler to extract information from the token claims
  client_id: System.get_env("ADFS_CLIENT_ID"),
  resource_identifier: System.get_env("RESOURCE_IDENTIFIER")

Add ADFS provider to Ueberauth:

config :ueberauth, Ueberauth,
providers: [
  adfs: { Ueberauth.Strategy.ADFS,
    [
      #uid_field: :email,
      #request_path: "/auth/adfs",
      #callback_path: "/auth/adfs/callback"
    ]
  }
]

Optional: Create custom ADFS handler

defmodule MyApp.ADFSHandler do
  use Ueberauth.Strategy.ADFS.Handler

  def credentials(conn) do
    token = conn.private.adfs_token

    %Credentials{
      expires: token.claims["exp"] != nil,
      expires_at: token.claims["exp"],
      scopes: token.claims["aud"],
      token: token.token
    }
  end

  @doc false
  def info(conn) do
    user = conn.private.adfs_user

    %Info{
      nickname: user["winaccountname"],
      name: "#{user["given_name"]} #{user["family_name"]}",
      email: user["email"],
      first_name: user["given_name"],
      last_name: user["family_name"]
    }
  end

  @doc false
  def extra(conn) do
    user = conn.private.adfs_user

    %Extra{
      raw_info: %{
        token: conn.private[:adfs_token],
        id_token: conn.private[:adfs_id_token],
        user: user,
        groups: user["groups"]
      }
    }
  end
end

About

ADFS Strategy for Überauth

Topics

elixir adfs ueberauth

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

2 watching

Forks

8 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages