Using ADFS with Azure API Management

Azure API Management is an API gateway that can be used to publish APIs to the Internet. It provides features such as per-developer API keys, request throttling and request authentication. One of the way requests can be authenticated is through standard OAuth2 bearer tokens. I assume that the most common scenario is to use Azure AD to issue those tokens. But if an organisation is not that cloud enabled yet and the users are in an on prem AD, the natural token issuer is to use ADFS. And ADFS on Windows Server 2016 supports OpenID Connect, so it should work, right?

Well, it turns out it didn’t just work. The OpenID Connect implementation in ADFS has some quirks that need to be handled. In the end it worked, but with some limitations.

Software Development is a Job – Coding is a Passion

I'm Anders Abel, an independent systems architect and developer in Stockholm, Sweden.

profile for Anders Abel at Stack Overflow, Q&A for professional and enthusiast programmers

Code for most posts is available on my GitHub account.

Popular Posts


Archives

Series

Tags

ASP.NET ASP.NET MVC3 ASP.NET MVC4 ASP.NET MVC5 Books Code Generation Code Quality Cryptography Database Debugging EF Code First EF Migrations Entity Framework Extension Methods git IDisposable IEnumerable Index jQuery jQuery UI Kentor.AuthServices Language Basics LINQ LINQ to SQL meta-blogging Owin Planning Project Management Recruiting Requirements SAML2 Scrum Security Source Control SQL Test Driven Development Tests Time Estimation Tools Unit Tests Utilities Visual Studio Web XML yield return

Powered by WordPress with the Passion for Coding theme.