Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

ADFS 3.0 is supported for OAuth tokens in Skype for Business Server 2015


View products that this article applies to.

Symptoms

This update enables Active Directory Federation Services (ADFS) 3.0 support for Open Authentication (OAuth) tokens in a Microsoft Skype for Business Server 2015 environment.

Note OAuth is a standard protocol that's used for server-to-server authentication and authorization.

After you install this update, OAuth integration with ADFS is supported. This support includes the following:
  • OAuth interactive (forms-based authentication or Multi-factor authentication [MFA]) sign-in by running the Test-CsRegistration cmdlet.
    The -AuthenticationMethod parameter has new OAuthInteractive value. If forms-based authentication or MFA is enabled on ADFS, it starts an Internet Explorer frame and prompts for credentials.
  • Implements handling of PrimarySID claim in OAuth tokens to cater to resource forest deployment scenarios that other claims (UPN, SIP, email) aren't available for or to match the data that's stored in the resource forest.
  • Blocks fewer desktop client versions from using Active Directory Authentication Library (ADAL) for on-premises sign-in.
Note The following Skype for Business PowerShell cmdlets must be run to enable OAuth sign-in:
New-CsOAuthServer -Identity <name> -Type adfs -MetadataUrl https://<adfs_fqdn>/FederationMetadata/2007-06/FederationMetadata.xml [-AcceptSecurityIdentifierInformation $true]

Set-CsOAuthConfiguraiton -ClientAuthorizationOAuthServerIdentity <name>

↑ Back to the top


Resolution

To fix this issue, install the March 2016 cumulative update 6.0.9319.235 for Skype for Business Server 2015, core components.

↑ Back to the top


Keywords: kbfix, kbqfe, kbsurveynew, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 3141115
Revision : 1
Created on : 1/7/2017
Published on : 3/18/2016
Exists online : False
Views : 262