Hi everyone,

I have the following task: Connect to a SharePoint 2016 Site which is Secured by ADFS using an Angular Client.

The parties I have are: 

* Angular JS Client Application using ADAL

* WCF Middleware also using AuthenticationContext

* ADFS on Server 2016

* SharePoint 2016 Server

The flow of my setup is as follows:

1) The user opens a site. He gets redirected to ADFS and enters his credentials

2) I get a token back from ADFS which looks good. Audience is a Native App which I configured on ADFS. I also have no errors in the Event log on the ADSF Server

3) The Angular App Calls my WCF API and sends the token

4) The WCF creates a User Assertion Object and trys to obtain a token to access SharePoint using Clientcontext

----- Error happens here------

5) I should get back another token valid for access SharePoint

6) I use clientcontext to get data from the SP Site

7) SP returns the infos

8) The WCF sends the data to the client which displays it for the user

The Problem is that after step 4 I get one of these errors that says:

* AADSTS50013: Assertion contains an invalid signature. [Reason - The key was not found

* MSIS9605: The client is not allowed to access the requested resource

* MSIS9602: The received 'resource' parameter is invalid. The authorization server can not find a registered resource with the specified identifier

In the ADFS Management Console I created a Application Group. In this group I have a Server Application where I specified ClientID and redirect Uri. These settings are used in the Angular App.

I also have a Web API Application in the group. There I configured my IIS Site and SharePoint Site as Relying party identifiers.

I obviously don't fully understand the connection of my Applications to the SharePoint. 

Can anybody help me out here?

Thx 

Alex