I am adding ADFS authentication to the Angular SPA website with the back of WebApi. To do this, I configured an ADFS instance with client and RP.
To enter the SPA, the user is redirected to the endpoint sts.domain / adfs / oauth2 / authorize. The user is authenticated on the web page and redirected to the page in the application - www.domain / token / redirect.html? Code = SOMECODE & state = URL
This page retrieves the token from the URL parameters and calls the endpoint sts.domain / adfs / oauth2 / token to get the JWT token for the back of WebApi.
var url = "https://sts.domain/adfs/oauth2/token"; $.ajax(url, { type: "POST", data: { grant_type: "authorization_code", client_id: client, redirect_uri: redirect, code: token } })
The application then saves the WebApi token and adds it to Angular $ http.defaults.headers.common.Authorization so that it is used to communicate with the WebApi backend. Then it is redirected back to the SPA.
All this works correctly in IE, but the standard CORS error message when calling the OAuth / token endpoint does not work in Firefox and Chrome.
No header "Access-Control-Allow-Origin" is present on the requested resource. The origin of https: //www.domain 'is therefore not allowed.
It seems I should add the SPA URL to the ADFS instance CORS configuration, but I cannot find a way to configure the ADFS instance CORS configuration. How to configure CORS in ADFS 3.0 OAuth? Is there any other way to accomplish this more standard task?
source share