SPA ADFS and roles - Githubissues

AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.

https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular

Apache License 2.0

627 stars 372 forks source link

SPA ADFS and roles #711

Closed thepill closed 6 years ago

thepill commented 6 years ago

hi people,

i cant get my head around a simple SPA accessing a aspnet web api usding adaljs and (on-premise) ADFS 4.0.

I would like to show different things on the SPA using roles, but the access_token nor the Id_token are containing any role claims.

The adfs application is configured to return the role claims based on groups. Am i miss understanding something crucial or must the role be present in the id_token/access_token?

Thanks in advice

navyasric commented 6 years ago

@thepill As mentioned here, for the role claims to be present in the id_token, the appRoles property must be defined in the application manifest. Here is an AAD sample of a .Net app which has some instructions you and can follow for your SPA as well. Please reopen issue if necessary.

thepill commented 6 years ago

hi @navyasric thank you for you information, but i think the provided link to appRoles does only belong to Azure Active Directory not to ADFS?

rajsolanki73 commented 6 years ago

any update on this ?