
Use AD FS SAML token to authenticate with SharePoint 2019

EDIT: Updated question as I was able to solve part of the issue thanks to lehuspohus!

I have fetched a SAML Token from AD FS for the Relying Party I have set up with my local SharePoint server using Postman.

How do I format, and where do I post, the response from AD FS to authenticate with SharePoint?

UPDATE - Working solution added thanks to lehupohus is below:

I can authenticate with SharePoint by submitting it to https://server/_trust/ as part of a url-encoded form that looks like this:

wa=wsignin1.0&wresult=<Encoded SAML Token>&wctx=https://server/_layouts/15/Authenticate.aspx?Source=/

I get a whole page back in the response body along with the FedAuth access token.

Follow-on questions, to which I believe the answers are no:

  1. Is there an endpoint that I can submit just the XML/SOAP to (where and what does that look like?)

  2. Can I just retrieve the FedAuth access token only (without the rest of the HTML page)?

<trust:RequestSecurityTokenResponse>
  <trust:Lifetime>
    <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2022-10-19T16:56:36.105Z</wsu:Created>
    <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2022-10-19T17:56:36.105Z</wsu:Expires>
  </trust:Lifetime>
  <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <wsa:Address>urn:sharepoint:spsites</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>
  <trust:RequestedSecurityToken>
    <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_3519cbe0-66fb-4bc3-9a40-91ea06cb0ad7" Issuer="http://ms-adfs.intranet/adfs/services/trust" IssueInstant="2022-10-19T16:56:36.230Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
      <saml:Conditions NotBefore="2022-10-19T16:56:36.105Z" NotOnOrAfter="2022-10-19T17:56:36.105Z">
        <saml:AudienceRestrictionCondition>
          <saml:Audience>urn:sharepoint:spsites</saml:Audience>
        </saml:AudienceRestrictionCondition>
      </saml:Conditions>
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
          </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
          <saml:AttributeValue>billbates@microsotofu.com</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
      <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:X509-PKI" AuthenticationInstant="2022-10-19T16:56:35.639Z">
        <saml:Subject>
          <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
          </saml:SubjectConfirmation>
        </saml:Subject>
      </saml:AuthenticationStatement>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#_3519cbe0-66fb-4bc3-9a40-91ea06cb0ad7">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>gTz6J3z40UUkqOf1DV3gAe4yel5AD0GVPCJ7xI6ac44=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ftyI5grqS01/g9zpfUuPn24xXMvJ...</ds:SignatureValue>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <X509Data>
            <X509Certificate>MIICxDCCAaygAwIBAgIQEqN9pL4STbx...</X509Certificate>
          </X509Data>
        </KeyInfo>
      </ds:Signature>
    </saml:Assertion>
  </trust:RequestedSecurityToken>
  <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
  <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
  <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse>
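The working solution above is the WS-Federation passive sign-in message (wa=wsignin1.0, wresult carrying the RequestSecurityTokenResponse, wctx naming the return page) posted to SharePoint's /_trust/ endpoint. The script below is an added example, not the poster's code: it pre-flights the token the way a client can (audience equals the realm SharePoint's trusted identity token issuer was registered with, clock inside the Conditions window), builds the form body with Python's standard library, and reassembles the FedAuth cookie from the Set-Cookie headers of the response. Assumptions: the server name "server" and realm urn:sharepoint:spsites are taken from the post; the RSTR and Set-Cookie values are constructed (the sample token is unsigned, the cookie values are fictional). Two caveats worth keeping in mind: the enveloped signature covers the assertion, so wresult has to be the token byte-for-byte as AD FS returned it (pretty-printing it, as done above for readability, would break the digest), and both the SAML bearer token and the resulting FedAuth cookie are bearer credentials that log the holder in as that user until they expire, so keep them out of logs and off plain HTTP.

```python
"""WS-Federation passive sign-in to SharePoint /_trust/ with an AD FS RSTR:
pre-flight the token, build the wsignin1.0 form body, recover FedAuth.
Added example, not the poster's code; all sample data below is constructed."""
from datetime import datetime, timezone
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed stand-in for the RSTR AD FS returned in the post (no signature).
SAMPLE_RSTR = """<trust:RequestSecurityTokenResponse
 xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
 xmlns:wsa="http://www.w3.org/2005/08/addressing"
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
 <trust:Lifetime><wsu:Created>2022-10-19T16:56:36.105Z</wsu:Created>
  <wsu:Expires>2022-10-19T17:56:36.105Z</wsu:Expires></trust:Lifetime>
 <wsp:AppliesTo><wsa:EndpointReference><wsa:Address>urn:sharepoint:spsites</wsa:Address></wsa:EndpointReference></wsp:AppliesTo>
 <trust:RequestedSecurityToken>
  <saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_constructed"
   Issuer="http://ms-adfs.intranet/adfs/services/trust" IssueInstant="2022-10-19T16:56:36.230Z">
   <saml:Conditions NotBefore="2022-10-19T16:56:36.105Z" NotOnOrAfter="2022-10-19T17:56:36.105Z">
    <saml:AudienceRestrictionCondition><saml:Audience>urn:sharepoint:spsites</saml:Audience>
    </saml:AudienceRestrictionCondition></saml:Conditions>
  </saml:Assertion>
 </trust:RequestedSecurityToken>
 <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
</trust:RequestSecurityTokenResponse>"""

# Constructed Set-Cookie headers as a /_trust/ response might carry them. WIF's
# chunked cookie handler splits a large session token into FedAuth, FedAuth1, ...
SAMPLE_SET_COOKIE = [
    "FedAuth=77u/PD94bWwg; path=/; HttpOnly; secure",
    "FedAuth1=dmVyc2lvbj0i; path=/; HttpOnly; secure",
    "WSS_FullScreenMode=false; path=/",
]


def parse_iso8601(ts):
    """AD FS timestamps: millisecond precision, trailing Z (UTC)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def check_token(rstr_xml, expected_realm, now=None):
    """Client-side pre-flight: Audience must equal the realm SharePoint was
    configured with and the clock must be inside the Conditions window, or
    /_trust/ rejects the token. Does NOT verify the XML signature; SharePoint
    does that against the AD FS token-signing certificate."""
    now = now or datetime.now(timezone.utc)
    cond = ET.fromstring(rstr_xml).find(".//saml:Conditions", NS)
    audience = cond.findtext("saml:AudienceRestrictionCondition/saml:Audience", namespaces=NS)
    problems = []
    if audience != expected_realm:
        problems.append(f"audience {audience!r} != realm {expected_realm!r}")
    if now < parse_iso8601(cond.get("NotBefore")):
        problems.append("token not yet valid")
    if now >= parse_iso8601(cond.get("NotOnOrAfter")):
        problems.append("token expired")
    return problems


def build_signin_post(server, rstr_xml, source="/"):
    """URL and x-www-form-urlencoded body of the wsignin1.0 message. wresult must
    be the RSTR exactly as AD FS returned it: the enveloped signature covers the
    assertion, so re-serialising or pretty-printing it breaks the digest."""
    wctx = f"https://{server}/_layouts/15/Authenticate.aspx?Source={source}"
    body = urlencode({"wa": "wsignin1.0", "wresult": rstr_xml, "wctx": wctx})
    return f"https://{server}/_trust/", body


def decode_form(body):
    """Inverse of build_signin_post's encoding, for inspection and tests."""
    return {k: v[0] for k, v in parse_qs(body).items()}


def extract_fedauth(set_cookie_headers):
    """Reassemble FedAuth from Set-Cookie headers, joining FedAuth, FedAuth1,
    ... in order; None if absent. The result is a bearer credential for the
    user's SharePoint session: treat it like a password."""
    chunks = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name == "FedAuth":
                chunks[0] = morsel.value
            elif name.startswith("FedAuth") and name[7:].isdigit():
                chunks[int(name[7:])] = morsel.value
    return "".join(chunks[i] for i in sorted(chunks)) if chunks else None


if __name__ == "__main__":
    print(check_token(SAMPLE_RSTR, "urn:sharepoint:spsites",
                      now=parse_iso8601("2022-10-19T17:00:00.000Z")))
    print(build_signin_post("server", SAMPLE_RSTR)[0], extract_fedauth(SAMPLE_SET_COOKIE))
```

To use it against a real farm, replace SAMPLE_RSTR with the RSTR string exactly as received from AD FS, POST the body returned by build_signin_post with Content-Type application/x-www-form-urlencoded and redirects disabled, and feed every Set-Cookie header of the reply to extract_fedauth; the cookie is what subsequent requests need, so the HTML body can be discarded.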
