Azure Active Directory | Guide and Walkthrough by MobilityDojo.net

AAD from A to Z

Taking you through the technology that is Azure Active Directory.

  • DirSync, AAD Connect, Graph API
  • MFA, App Proxy, RMS, AAD Domain Join
  • And more!

Application Groups

Setting up Application Groups and Apps in ADFS 2016

In this walkthrough we will attempt to replicate the scenario described in the WebAPISingleTenant walkthrough using ADFS instead of Azure AD. The purpose is to show the differences, while also highlighting how much of the code is similar between the two configurations.
For reference:
http://aadguide.azurewebsites.net/integration/webapisingletenant

This is part 1 (of 2) - configuring the ADFS Server.
Part 2 covers the code.
It is assumed that ADFS 2016 is already installed on a server.

Open the ADFS Management Console, right-click on "Application Groups", and click "Add Application Group":
ADFS 2016 - Application Group

Select "Server Application or Website", and hit "Next":
ADFS 2016 - Application Group

Enter https://localhost:44320 as the redirect URI and "Add it". Copy the "Client Identifier", and hit "Next":
ADFS 2016 - Server App

Check "Generate a shared secret", and copy it to the clipboard (and preferably into a text file afterwards):
ADFS 2016 - Server App

Confirm that things look right:
ADFS 2016 - Server App

Hit "Close" if it was successful:
ADFS 2016 - Server App

Next we need to add a Web API:
ADFS 2016 - Web API

We need to create an identifier for the app - as long as it's unique you're good:
ADFS 2016 - Web API

We need to assign a policy. For simplicity we choose "Permit everyone":
ADFS 2016 - Web API

Make sure "openid" is checked as the scope:
ADFS 2016 - Web API

Confirm that things look right:
ADFS 2016 - Web API

And success:
ADFS 2016 - Web API

We should also add a "Native application" for use in a Universal Windows Platform app:
ADFS 2016 - Native App

For the moment we fill in a placeholder value for the redirect URI as we have not built the app yet. When we have the id we need to revisit this page:
ADFS 2016 - Native App

Confirm that things look right:
ADFS 2016 - Native App

And success:
ADFS 2016 - Native App

You should now have the following applications in the application group "AADGuide":
ADFS 2016 - Application Group

Afterwards you need to grant access to the Web API for both the Native and the Server App:
ADFS 2016 - Web API

You should also have a couple of future variables written down:

var serverapp_ClientId = "a1b2c3";
var serverapp_RedirectURI = "https://localhost:44320";
var serverapp_ClientSecret = "a1b2c3";
var webAPI_Id = "https://aadguide.azurewebsites.net/WebAPI";
var uwpApp_ClientId = "a1b1c3";
var uwpApp_RedirectURI = "ms-app://xyz";

You will need these when you head over to the next part.

Edit this page on GitHub