
Being new to the ADFS scene, we're trying to figure out how to pass AD attributes as claims to a sample native client app in .NET Framework 4.8 (an outside requirement) using MSAL (Microsoft.Identity.Client.4.61.1\lib\net462\Microsoft.Identity.Client.dll).

The code is straightforward (a WinForm with two buttons, Login and Logout, and a textbox to list the claims):

ADFS 4.0 is installed on WinSrv2022 Std 21H2 (20348.2527). The Login button opens Edge with the proper address, the ADFS log-in page accepts the credentials and returns with "Auth is successful, you can close the browser tab/window now". The Logout button also properly opens Edge and returns a message that the user was logged off. Therefore, our conclusion is that authentication works.

But no matter what, we only get a list of these 10 claims, no AD attributes show up:

Adding the profile and allatclaims scopes changes nothing; even the user.read scope is irrelevant, as commenting it out produces the same result (as seen in Pic #2).

ADFS configuration is as follows.

Relying Party Trusts:

Claims Provider Trusts:

Application Groups:

Existing questions are either too old (thus referring to obsolete components or solutions, or to articles that no longer exist), do not address the issue, or simply don't have answers. We need at least objectGUID (also givenname and surname and a few others). The closest is this question from 2014, but it doesn't seem to work.
