Ueberauth ADFS v0.3.0 Ueberauth.Strategy.ADFS
ADFS Strategy for Überauth.
On the ADFS server, set up a new client using PowerShell:
    Add-AdfsClient -Name "OAUTH2 Client" -ClientId "unique-custom-client-id" -RedirectUri "http://localhost:4000/auth/adfs/callback"
    Add-ADFSRelyingPartyTrust -Name "OAUTH2 Client" -Identifier "http://localhost:4000/auth/adfs"
    Set-AdfsRelyingPartyTrust -IssuanceAuthorizationRulesFile "TransformRules.txt"
In TransformRules.txt put the following:
    @RuleTemplate = "LdapClaims"
    @RuleName = "User Details"
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
    => issue(store = "Active Directory", types = ("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "groups", "userPrincipalName"), query = ";sAMAccountName,givenName,sn,mail,tokenGroups,userPrincipalName;{0}", param = c.Value);
Add 'adfs_url', 'adfs_metadata_url', 'client_id', 'resource_identifier' and optionally 'adfs_handler' to your configuration:
    config :ueberauth, Ueberauth.Strategy.ADFS,
      adfs_url: "https://adfs.url",
      adfs_handler: MyApp.ADFSHandler, # use a custom handler to extract information from the token claims
      client_id: "the_client",
      resource_identifier: "the_resource_id"
An example custom ADFS handler:
    defmodule MyApp.ADFSHandler do
      use Ueberauth.Strategy.ADFS.Handler

      def credentials(conn) do
        token = conn.private.adfs_token

        %Credentials{
          expires: token.claims["exp"] != nil,
          expires_at: token.claims["exp"],
          scopes: token.claims["aud"],
          token: token.token
        }
      end

      @doc false
      def info(conn) do
        user = conn.private.adfs_user

        %Info{
          nickname: user["winaccountname"],
          name: "#{user["given_name"]} #{user["family_name"]}",
          email: user["email"],
          first_name: user["given_name"],
          last_name: user["family_name"]
        }
      end

      @doc false
      def extra(conn) do
        user = conn.private.adfs_user

        %Extra{
          raw_info: %{
            token: conn.private[:adfs_token],
            id_token: conn.private[:adfs_id_token],
            user: user,
            groups: user["groups"]
          }
        }
      end
    end
Summary
Functions
Provides the credentials for the user
Provides the extra params for the user
The callback phase implementation for your strategy
The cleanup phase implementation for your strategy
The request phase implementation for your strategy
Provides the info for the user
Provides the uid for the user
Functions
auth(conn)
configured?()
credentials(conn)
Provides the credentials for the user.
This is one of the component functions that is used to construct the auth
struct. What you return here will be in the auth struct at the credentials
key.
Callback implementation for Ueberauth.Strategy.credentials/1.
default_options()
extra(conn)
Provides the extra params for the user.
This is one of the component functions that is used to construct the auth
struct. What you return here will be in the auth struct at the extra key.
You would include within extra any additional information that does not fit
in either info or credentials.
Callback implementation for Ueberauth.Strategy.extra/1.
get_wellknown_url()
handle_callback!(conn)
The callback phase implementation for your strategy.
In this function you should make any external calls you need, check for
errors etc. The result of this phase is that either a failure
(Ueberauth.Failure) will be assigned to the connection's assigns at
:ueberauth_failure or a Ueberauth.Auth struct will be constructed and
added to the assigns at :ueberauth_auth.
Callback implementation for Ueberauth.Strategy.handle_callback!/1.
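The two outcomes described above (a Ueberauth.Failure at :ueberauth_failure or a Ueberauth.Auth at :ueberauth_auth) are consumed by the application's own callback controller. The following Phoenix controller is an added example and is not part of ueberauth_adfs; it assumes the custom handler shown earlier (so raw_info carries a :groups key), a router that sends "/auth/:provider" and "/auth/:provider/callback" through this controller, the standard provider entry `config :ueberauth, Ueberauth, providers: [adfs: {Ueberauth.Strategy.ADFS, []}]`, and the module name MyAppWeb, the session key and the group names, which are all invented for illustration. It checks that the token has not expired and that the user is in an allowed AD group before creating a session, and rotates the session id on login.

```elixir
# Added example (not part of ueberauth_adfs): a Phoenix controller consuming the
# structs the ADFS callback phase assigns. MyAppWeb, the allowed group names and
# the :current_user session key are assumptions for illustration.
defmodule MyAppWeb.AuthController do
  use MyAppWeb, :controller
  require Logger

  alias Ueberauth.Auth
  alias Ueberauth.Failure

  # Runs the request and callback phases for "/auth/:provider" routes.
  plug Ueberauth

  # Only members of these AD groups (assumed names) may sign in.
  @allowed_groups ["app-users", "app-admins"]

  # Failure path: the strategy placed a %Ueberauth.Failure{} at :ueberauth_failure.
  # Log the error keys for operators; show the user only a generic message.
  def callback(%{assigns: %{ueberauth_failure: %Failure{errors: errors}}} = conn, _params) do
    keys = Enum.map(errors, & &1.message_key)
    Logger.warning("ADFS sign-in failed: #{inspect(keys)}")

    conn
    |> put_flash(:error, "Sign-in failed.")
    |> redirect(to: "/")
  end

  # Success path: a %Ueberauth.Auth{} is at :ueberauth_auth.
  def callback(%{assigns: %{ueberauth_auth: %Auth{} = auth}} = conn, _params) do
    # :groups comes from the custom handler's raw_info map shown on this page.
    groups = get_in(auth.extra.raw_info, [:groups]) || []

    with :ok <- check_not_expired(auth.credentials),
         :ok <- check_group(groups) do
      conn
      |> put_session(:current_user, %{uid: auth.uid, email: auth.info.email, groups: groups})
      # Issue a fresh session id at login so a pre-login id cannot be reused.
      |> configure_session(renew: true)
      |> redirect(to: "/")
    else
      {:error, reason} ->
        Logger.warning("ADFS sign-in rejected: #{reason}")

        conn
        |> put_flash(:error, "Sign-in failed.")
        |> redirect(to: "/")
    end
  end

  # The "exp" claim copied into expires_at is seconds since the Unix epoch.
  defp check_not_expired(%{expires: true, expires_at: exp}) when is_integer(exp) do
    if exp > System.system_time(:second), do: :ok, else: {:error, :token_expired}
  end

  defp check_not_expired(_), do: {:error, :no_expiry_claim}

  # Group membership check against the tokenGroups claim issued by the transform rule.
  defp check_group(groups) when is_list(groups) do
    if Enum.any?(groups, &(&1 in @allowed_groups)), do: :ok, else: {:error, :not_in_allowed_group}
  end

  defp check_group(_), do: {:error, :not_in_allowed_group}
end
```

Both branches redirect with the same user-facing message so that a failed login does not reveal whether the account exists, is expired, or lacks group membership; the distinguishing detail goes to the log instead.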
handle_cleanup!(conn)
The cleanup phase implementation for your strategy.
The cleanup phase runs after the callback phase and is present to provide a mechanism to clean up any temporary data your strategy may have placed in the connection.
Callback implementation for Ueberauth.Strategy.handle_cleanup!/1.
handle_request!(conn)
The request phase implementation for your strategy.
Setup, redirect or otherwise in here. This is an information gathering phase and should provide the end user with a way to provide the information required for your application to authenticate them.
Callback implementation for Ueberauth.Strategy.handle_request!/1.
info(conn)
Provides the info for the user.
This is one of the component functions that is used to construct the auth
struct. What you return here will be in the auth struct at the info key.
Callback implementation for Ueberauth.Strategy.info/1.
jason_module()
keys_from_wellknown(well_known_url)
logout(conn, id_token)
lookup_key(table, identifier, list)
make_token(payload)
uid(conn)
Provides the uid for the user.
This is one of the component functions that is used to construct the auth
struct. What you return here will be in the auth struct at the uid key.
Callback implementation for Ueberauth.Strategy.uid/1.