
Good evening,

 

I was wondering if anyone has any advice on using Microsoft AD FS 4.0 to support OAuth 2.0 with MuleSoft to provide some form of token for authorisation between different layers in the API application network?

 

We are currently using a gold subscription level, which means that we do not have access to the following policies:

 

- OpenAM OAuth 2.0 Token Enforcement - This policy is only available in a Federated organization configured to use OpenAM as a Client Management solution. (Platinum) 

- OpenID Connect OAuth 2.0 Token Enforcement - This policy is only available in a Federated organization configured to use OpenID Connect as Client Management solution. (Platinum) 

- PingFederate OAuth 2.0 Token Enforcement - This policy is only available in a Federated organization configured to use PingFederate as Client Management solution. (Platinum) 

 

The Mule OAuth 2.0 Access Token enforcement Using External Provider policy is designed to work exclusively with a Mule OAuth 2.0 provider. Using the policy with any other OAuth 2.0 provider (for example, Facebook, Google, or Azure) is not supported.

 

This leaves only the JWT Validation Policy - The JWT Validation policy validates the signature of the token and asserts the values of the claims of all incoming requests by using a JWT with JWS format. The policy does not validate JWT that uses JWE.

 

JWT with OpenID Connect for Microsoft AD FS 4.0 will provide support for authentication and the provision of an identity token. From what I can see it does not provide the flexibility needed for authorisation based on scopes (e.g. READ, WRITE, ADMIN). Has anyone got any advice on the use of JWT tokens for authentication between the layers in the API application network? E.g. an application at the process layer gets a JWT token to authenticate against the system layer when making a call.

 

Are there any other pointers that may make using Microsoft AD FS 4.0 with MuleSoft easier?

 

Thank you for any assistance in advance.
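
The checks the JWT Validation policy is described as performing (signature, then claim assertions, JWS only), extended with a scope assertion, as an added example that is not part of the original post and is not MuleSoft or AD FS code. Assumptions: HS256 with a shared key keeps it self-contained, the scope claim name `scp` and the issuer/audience values are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key):
    """Build a constructed sample JWS (HS256) so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def validate(token, key, issuer, audience, required_scope, now=None):
    """Return (accepted, reason). Signature is checked before any claim is trusted."""
    parts = token.split(".")
    if len(parts) == 5:                      # compact JWE has five segments
        return False, "JWE not supported"
    if len(parts) != 3:                      # compact JWS has exactly three
        return False, "not a compact JWS"
    head, body, sig = parts
    try:
        header = json.loads(b64url_decode(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return False, "unexpected alg"   # pin the algorithm, never trust the header
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False, "bad signature"
        claims = json.loads(b64url_decode(body))
    except ValueError:                       # bad base64, bad UTF-8 or bad JSON
        return False, "malformed token"
    if not isinstance(claims, dict):
        return False, "malformed token"
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # Assumed claim name: a space-separated scope list in "scp".
    if required_scope not in str(claims.get("scp", "")).split():
        return False, "missing scope"
    return True, "ok"
```

A system-layer API would call `validate` with the scope its operation requires (for example `READ` or `WRITE`) and reject the request on any `False` result.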
