How to fix ADFS missing endpoints

2024-12-09T11:37:13.4633333+00:00

The endpoints /token and /authorize for OAuth2 are not available in AD FS Management -> Services -> Endpoints, making it impossible to use OAuth2 with third-party applications.

The only endpoints related to OAuth2 are:

OAuth2:

  • /adfs/oauth2
  • /adfs/oauth2/deviceauth

OpenID Connect:

  • /adfs/.well-known/openid-configuration
  • /adfs/discovery/keys
  • /adfs/userinfo

All these endpoints are enabled, and the endpoint /adfs/.well-known/openid-configuration returns the following:

"authorization_endpoint": "https://mydomain.com/adfs/oauth2/authorize/",
"token_endpoint": "https://mydomain.com/adfs/oauth2/token/"

However, I cannot access the /authorize and /token endpoints directly.

Is it necessary to install any additional plugins to enable access to these endpoints?


4 answers

  1. Marti Peig 610 Reputation points Microsoft Employee
    2024-12-09T12:28:07.7333333+00:00

    Hi Juarez,

    Even if these endpoints are not explicitly listed under AD FS Management -> Services -> Endpoints, they should be operational if /adfs/oauth2 is enabled.

    Have you tried testing the /authorize and /token endpoints with tools like Curl?

    Example for /authorize:

    # -G sends the -d parameters as the query string of the GET request
    curl -G "https://mydomain.com/adfs/oauth2/authorize" \
    -d "client_id=your_client_id&response_type=code&redirect_uri=https://yourapp.com/callback&scope=openid"
    

    Example for /token:

    curl -X POST "https://mydomain.com/adfs/oauth2/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "client_id=your_client_id&grant_type=authorization_code&code=auth_code_here&redirect_uri=https://yourapp.
    

  2. Marti Peig 610 Reputation points Microsoft Employee
    2024-12-09T12:31:57.22+00:00

    Removing duplicate answer


  3. 2024-12-09T20:39:19.2666667+00:00

    The error obtained is: "Microsoft.IdentityServer.RequestFailedException: MSIS7065: Não há manipuladores de protocolo registrados no caminho /adfs/oauth2/token para processar a solicitação recebida. em Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)" which basically indicates that the endpoint does not exist.

    The /authorize endpoint seems to work, as I am redirected to the ADFS login page and then to the page of my application (which is a debug application) that should display the token.
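
The mismatch reported in this thread, as an added example that is not part of any post and not AD FS code: shell functions that compare the endpoints advertised by /adfs/.well-known/openid-configuration with the path named in an MSIS7065 error. The function names are hypothetical, and the JSON object wrapped around the two quoted discovery values is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; inputs are copied from the thread.

# Discovery values quoted in the question, wrapped in a constructed JSON object.
DISCOVERY='{
  "authorization_endpoint": "https://mydomain.com/adfs/oauth2/authorize/",
  "token_endpoint": "https://mydomain.com/adfs/oauth2/token/"
}'

# Error text quoted in the thread (stack frame omitted). The message is
# localized, so only the MSIS code and the /adfs/ path are matched.
ERROR_TEXT='Microsoft.IdentityServer.RequestFailedException: MSIS7065: Não há manipuladores de protocolo registrados no caminho /adfs/oauth2/token para processar a solicitação recebida.'

# Print the URL path advertised for discovery key $2 in JSON $1,
# with any trailing slash removed.
advertised_path() {
  printf '%s\n' "$1" |
    LC_ALL=C sed -n 's|.*"'"$2"'"[[:space:]]*:[[:space:]]*"https\{0,1\}://[^/"]*\(/[^"]*\)".*|\1|p' |
    head -n 1 | sed 's|/*$||'
}

# Print the path named in an MSIS7065 error in text $1, or nothing.
unhandled_path() {
  printf '%s\n' "$1" |
    LC_ALL=C sed -n 's|.*MSIS7065[^/]*\(/adfs/[A-Za-z0-9._/-]*\).*|\1|p' |
    head -n 1 | sed 's|/*$||'
}

# Print each discovery key in $1 whose advertised path is the one the
# error text in $2 reports as having no protocol handler.
advertised_but_unhandled() {
  missing=$(unhandled_path "$2")
  [ -n "$missing" ] || return 0
  for key in authorization_endpoint token_endpoint; do
    if [ "$(advertised_path "$1" "$key")" = "$missing" ]; then
      echo "$key"
    fi
  done
}

advertised_but_unhandled "$DISCOVERY" "$ERROR_TEXT"   # prints: token_endpoint
```

Trailing slashes are stripped before comparing because the discovery document quoted above ends each URL with one while the error text does not.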


  4. Marti Peig 610 Reputation points Microsoft Employee
    2024-12-18T08:42:24.8533333+00:00

    Hi Juarez,

    Apologies for the late reply. I've been checking this in my lab and I just want to confirm that /adfs/oauth2/token, as you said, is not visible in a default Windows Server 2019 ADFS installation. At this point, it would be better if you reached out to our Support for further troubleshooting.

    Cheers
