I have the following setup: ADFS 3.0, SharePoint 2013 and the custom ASP.NET MVC app.
Both SharePoint and MVC app are configured to use Single Sign-On from ADFS, so once user is logged in via ADFS, he is automatically authenticated in both SP and MVC.
What I need to do is to use CSOM from the backend of the MVC app using ADFS authentication. I can instantiate ClientContext if I provide it with user name and password, but the goal is to somehow create it without an explicit password, based on implicit authentication provided by SSO.
My first idea was to just copy FedAuth cookies from MVC app's Request, but it didn't work. In fact I found that FedAuth cookie issued to the MVC app is different from the one issued to SP (though both use the same authentication form, voodoo!).
Then I found some older guides for SP 2010, based on manually getting token from ADFS, and then using that token to call SharePoint and grab the FedAuth cookie (for example, Connecting to SharePoint with Claims Authentication and Using the Client Object Model with a Claims Based Auth Site in SharePoint 2010). However, I wasn't able to make it work ("The HTTP request was forbidden with client authentication scheme 'Negotiate'"), and really I have no idea how that first request to ADFS would be authenticated (magic?).
What is the correct way to achieve such a task, is the second approach viable at all?