broberts1
This is an article I haven't touched in a long time 🙂
First things first: the code is using ADAL, so I do not recommend using that; MSAL would be the way to go now. (And of course the C# code is not of the latest version either.)
I don't remember which version of ADFS I was testing against, but logic has it that it would be Windows Server 2016 looking at the time stamp. So, there would be new versions of ADFS as well since this article.
I have new samples on both JWT generation and validation though.
Now, your question doesn't really touch this directly so that's more about painting the back drop.
The approach in the article quite correctly does not scale to a large number of certificates. For a use case where you have a few server-side apps this might not be a problem, but if the use case is that you have a large number of users, you probably don't want to generate or upload them like this.
To be honest I have not researched what non-interactive ways to upload might exist in ADFS 2022, and I don't know if there is a maximum of how many certs can be uploaded.
Your question isn't silly; I see how client certs are an upgrade over passwords in many ways. It's just so painful to work with client certs 🙂
I don't have the perfect solution right off the bat. Initially, guessing, I would look into things like smartcards (that have a plug-in for ADFS), or creating your own plug-in for that matter. The recommendation on a higher level would be to look into solving things with Azure AD instead of ADFS, regardless of certificates, but that's potentially a bigger task to solve.