This update enables Active Directory Federation Services (ADFS) 3.0 support for Open Authentication (OAuth) tokens in a Microsoft Skype for Business Server 2015 environment.
Note OAuth is a standard protocol that's used for server-to-server authentication and authorization.
After you install this update, OAuth integration with ADFS is supported. This support includes the following:
Note OAuth is a standard protocol that's used for server-to-server authentication and authorization.
After you install this update, OAuth integration with ADFS is supported. This support includes the following:
- OAuth interactive (forms-based authentication or Multi-factor authentication [MFA]) sign-in by running the Test-CsRegistration cmdlet.
The -AuthenticationMethod parameter has new OAuthInteractive value. If forms-based authentication or MFA is enabled on ADFS, it starts an Internet Explorer frame and prompts for credentials. - Implements handling of PrimarySID claim in OAuth tokens to cater to resource forest deployment scenarios that other claims (UPN, SIP, email) aren't available for or to match the data that's stored in the resource forest.
- Blocks fewer desktop client versions from using Active Directory Authentication Library (ADAL) for on-premises sign-in.
New-CsOAuthServer -Identity <name> -Type adfs -MetadataUrl https://<adfs_fqdn>/FederationMetadata/2007-06/FederationMetadata.xml [-AcceptSecurityIdentifierInformation $true]
Set-CsOAuthConfiguraiton -ClientAuthorizationOAuthServerIdentity <name>