The Problem:
There are properties in ADFS 2019 that indicate that you can enable CORS Headers for the ADFS Login Page and set the allowed origins.
Get-AdfsProperties
CORSEnabled : False
CORSTrustedOrigins :
But the corresponding Set-AdfsProperties lists no switches to actually set these properties.
So here's the question. How does one manage to set these properties?
Full disclosure:
I managed to actually set these two options by connecting to the WID via SSMS and dumping the XML that holds the properties from the ServiceSettings table, changing the appropriate properties, and then updating the XML in the WID.
Get-AdfsProperties
CORSEnabled : True
CORSTrustedOrigins : {https://localhost:5001, https://localhost:8081}
It works. Which is ok for my testing purposes but in no way ok for the CI/CD environment I'm currently in the process of setting up that needs to automatically add and remove values from the CORSTrustedOrigins property.
Additional information:
These properties are new in ADFS 2019; ADFS 4.0 didn't support CORS, and the only way to get that running is by putting a reverse proxy in front of it to put the proper CORS headers in the response.
I am currently trying that solution but I'm running into problems there as well. But that's nothing for this question.
Edit 1:
So because I'm an inquisitive developer I started to use dotPeek on the Microsoft.IdentityServer.Management components that contain the Set-AdfsProperties cmdlet and I made an interesting find. There is no implementation to set CORSEnabled and CORSTrustedOrigins, and there also seem to be methods to add custom headers to the responses which aren't implemented in the cmdlet either.
So there basically isn't a way to actually use these advertised features. Except going into the Database to change the XML directly. Which looks to me like a bit of an oversight.
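Added example, not part of the original post: AD FS 2019 ships a separate cmdlet, Set-AdfsResponseHeaders, whose -EnableCORS and -CORSTrustedOrigins parameters write the two settings that Get-AdfsProperties reports above. The sketch below wraps it for a pipeline that adds and removes origins, accepting only exact https origins; the helper names Assert-HttpsOrigin and Update-AdfsCorsOrigin are hypothetical, and it assumes it runs on the primary AD FS server.

```powershell
#Requires -Modules ADFS
# Added example: add or remove CORS trusted origins without editing the WID.
# Assert-HttpsOrigin and Update-AdfsCorsOrigin are hypothetical helper names.

function Assert-HttpsOrigin {
    param([Parameter(Mandatory)][string]$Origin)
    $uri = $null
    # Accept only scheme://host[:port] over https: no wildcard, path, query or userinfo.
    if (-not ([Uri]::TryCreate($Origin, [UriKind]::Absolute, [ref]$uri)) -or
        $uri.Scheme -ne 'https' -or $uri.PathAndQuery -ne '/' -or
        $uri.Fragment -or $uri.UserInfo -or $Origin.Contains('*')) {
        throw "Not an exact https origin: $Origin"
    }
    # Normalised form, e.g. https://localhost:5001 (no trailing slash).
    $uri.GetLeftPart([UriPartial]::Authority).ToLowerInvariant()
}

function Update-AdfsCorsOrigin {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$Add = @(), [string[]]$Remove = @())

    $props = Get-AdfsProperties
    # A stored list only counts while CORS is enabled.
    $current = if ($props.CORSEnabled) { @($props.CORSTrustedOrigins) } else { @() }
    $drop    = @($Remove | ForEach-Object { Assert-HttpsOrigin $_ })
    # Existing entries are validated too, so a bad stored value stops the run.
    $wanted  = @($current + $Add | Where-Object { $_ } |
                 ForEach-Object { Assert-HttpsOrigin $_ } |
                 Where-Object { $_ -notin $drop } | Sort-Object -Unique)

    if ($wanted.Count -eq 0) {
        # Nothing left to trust: turn CORS off rather than leave it on with no list.
        if ($PSCmdlet.ShouldProcess('AD FS', 'Disable CORS')) {
            Set-AdfsResponseHeaders -EnableCORS $false
        }
        return
    }
    if ($PSCmdlet.ShouldProcess('AD FS', "Set CORS trusted origins: $($wanted -join ', ')")) {
        Set-AdfsResponseHeaders -CORSTrustedOrigins $wanted
        Set-AdfsResponseHeaders -EnableCORS $true
    }
    (Get-AdfsProperties).CORSTrustedOrigins   # read back for the pipeline log
}

# Constructed usage, with the origins shown in the post:
# Update-AdfsCorsOrigin -Add 'https://localhost:5001' -Remove 'https://localhost:8081' -WhatIf
```

Running with -WhatIf first shows the list that would be written, which gives the pipeline a reviewable record of every origin the login page will trust.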