<workflowgen url> with the domain and path to your WorkflowGen instance; for example, localhost/wfgen or mycompany.com/wfgen.
WorkflowGen
Server application accessing a web API.
WorkflowGen - Server application
https://<workflowgen url>/auth/callback
WorkflowGen GraphQL API
https://<workflowgen url>/graphql
WorkflowGen - Server application) is in the Client application list.
openId, profile, and email checkboxes.
WorkflowGen GraphQL API in the list.
Pass Through or Filter an Incoming Claim claim rule template, then click Next.
Pass through UPN in the Claim rule name field.
UPN in the Incoming claim type drop-down list
web.config
web.config file and add the following properties under <appSettings>:
<CLIENT ID> with the client identifier generated by AD FS for the WorkflowGen application.
<CLIENT SECRET> with the shared secret generated for the WorkflowGen application.
<METADATA URL> with the AD FS server's metadata URL. By default, it should look something like https://<adfs url>/adfs/.well-known/openid-configuration.
X-Frame-Options: DENY header), it is strongly recommended that you set the value of ApplicationSecurityAuthSessionRefreshEnableIFrame to N. Otherwise, when the session expires and a user submits a form, they will be redirected for authentication and lose the data they entered in the form.
X-Frame-Options header to allow specified origins to embed AD FS content in an iFrame. In this case, you can set the value of ApplicationSecurityAuthSessionRefreshEnableIFrame to Y, because the automatic refresh will work as expected.
web.config
web.config file and add the following property under <appSettings>:
<SECRET> with a value that can't be guessed, such as a UUID.
web.config files of certain modules
Advantys.Security.JWTAuthenticationModule WorkflowGen authentication module, but certain other modules should not because they are either public or aren't part of the global authentication system.
web.config, add the following property:
auth module's web.config, add the following property:
hooks and scim modules as well.
\wfgen\bin to each custom webform's \bin folder (\wfgen\wfapps\webforms\<custom webform>\bin):
Advantys.My.dll
Advantys.Security.dll
Newtonsoft.Json.dll
jose-jwt.dll
WorkflowGen Plus
workflowgenplus://oidc
WorkflowGen Plus native application in your AD FS WorkflowGen application group.
openid, profile, and email scopes are checked.
My Server Application
openid, profile, and email scopes are checked.
My Server Application
Non Interactive Client
The OAuth2 implicit grant is notorious for being the grant with the longest list of security concerns in the OAuth2 specification. And yet, that is the approach implemented by ADAL JS and the one we recommend when writing SPA applications. What gives? It’s all a matter of tradeoffs: and as it turns out, the implicit grant is the best approach you can pursue for applications that consume a Web API via JavaScript from a browser.
My Single-Page App
https://mysinglepageapp.com/callback
openid, profile, and email scopes are checked.
workflowgenplus://
auth.init
adfs
https://mycompany.com/wfgen)
6g909d00-8580-49a4-9003-a30f6b87ae86)
mycompany.com)
https://mycompany.com/wfgen/graphql)
\ws\wfgen application.
web.config file (located in \Inetpub\wwwroot\wfgen), add the following under <location path="ws" inheritInChildApplications="false">:
web.config file.
ApplicationSecurityAuthSessionTokenCookie
wfgen_token
✏️ Note: This is useful when you have multiple instances of WorkflowGen running and you want to have access to both and be authenticated on both instances at the same time.
ApplicationSecurityAuthSessionTimeOut
ApplicationSecurityAuthMobileSessionTimeOut