Not getting user identity in JWT used in OAuth2 access token from ADFS 3.0

I'm using the authorization flow supported in ADFS 3.0 in the following way,

  1. Browser connects to MyService
  2. MyService redirects browser to ADFS for OAuth
  3. Browser connects to ADFS for OAuth Authorization code
  4. ADFS authenticates the users through the browser
  5. ADFS redirects the browser back to MyService along with authorization code
  6. Browser connects to MyService and passes the authorization token
  7. MyService connects to ADFS and gets the access token from the authorization token

However, the access token is missing the user identity and MyService is unable to identify the user.

The access token has the following JWT claims:

  {
    "aud": "urn:relying:party:trust:identifier",
    "iss": "http://ms.cloud.com/adfs/services/trust",
    "iat": 1452875046,
    "exp": 1452878646,
    "auth_time": "2016-01-15T15:35:20.248Z",
    "authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "ver": "1.0",
    "appid": "my-app"
  }

Can someone tell me how MyService can identify the user once it gets the access token from ADFS?

Gary asked Jan 28 '26 01:01

1 Answer

The claim rules in the relying party trust need to define the claims to be sent as part of the JWT token. Once we added the claim rules for email, name, etc., the information was added to the JWT access token.

Gary answered Jan 31 '26 02:01
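The consumer side of the flow in the question (step 7, redeeming the code, then reading the user identity out of the access token), as an added example; this is not code from the poster or from ADFS. It assumes the ADFS 3.0 token endpoint path /adfs/oauth2/token, that the relying party trust's issuance transform rules emit one of the standard ADFS identity claim names (upn, email, unique_name, sub), and a constructed sample claim set copied from the question plus a second copy with made-up upn and email values standing in for what the claim rules add. Signature verification is deliberately left out (see the comment in decode_jwt); the point shown is that MyService must fail closed when no identity claim is present rather than trust an app-only token.

```python
"""Consume an ADFS 3.0 OAuth2 access token: build the code-exchange request,
parse the JWT, and locate the user identity, failing closed when absent."""
import base64
import json
import urllib.parse

# Claim names ADFS uses in JWT access tokens for a user identity once the
# relying party trust's claim rules send them (assumption: the trust emits
# at least one of these). Checked in order of preference.
IDENTITY_CLAIMS = ("upn", "email", "unique_name", "sub")


def build_token_request(code, client_id, redirect_uri):
    """Form body MyService POSTs to https://<adfs-host>/adfs/oauth2/token to
    redeem the authorization code (step 7 of the flow in the question)."""
    return urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "code": code,
    })


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt(token):
    """Split a compact JWT into (header, claims).

    This only parses. Before trusting the claims, MyService must verify the
    RS256 signature against the ADFS token-signing certificate from
    /FederationMetadata/2007-06/FederationMetadata.xml; that needs an RSA
    library and is outside this stdlib-only example. Tokens that claim to be
    unsigned are rejected here regardless.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    if header.get("alg") in (None, "none"):
        raise ValueError("unsigned token rejected")
    return header, claims


def identify_user(claims, expected_aud, now):
    """Return (claim_name, value) for the user the token represents, or None
    when the token carries only application context, as in the question."""
    if claims.get("aud") != expected_aud:
        raise ValueError("token issued for a different relying party")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("token expired")
    for name in IDENTITY_CLAIMS:
        value = claims.get(name)
        if value:
            return name, value
    return None


def _make_demo_token(claims):
    """Build a JWT-shaped string for offline demonstration only (constructed
    here; a real ADFS token ends in an RS256 signature, not the string 'sig')."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "sig"])


# Constructed sample: the claim set shown in the question (no user identity).
AUD = "urn:relying:party:trust:identifier"
APP_ONLY_CLAIMS = {
    "aud": AUD,
    "iss": "http://ms.cloud.com/adfs/services/trust",
    "iat": 1452875046,
    "exp": 1452878646,
    "auth_time": "2016-01-15T15:35:20.248Z",
    "authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "ver": "1.0",
    "appid": "my-app",
}
# Constructed sample: the same token after the trust's claim rules send UPN
# and email (values made up for the example).
WITH_IDENTITY_CLAIMS = dict(APP_ONLY_CLAIMS,
                            upn="jdoe@corp.example", email="jdoe@corp.example")
# A clock inside the sample token's iat..exp window so it is not "expired".
DEMO_NOW = 1452876000

if __name__ == "__main__":
    print(build_token_request("<code from step 6>", "my-app",
                              "https://myservice.example/oauth/callback"))
    for label, c in (("app-only", APP_ONLY_CLAIMS),
                     ("with claim rules", WITH_IDENTITY_CLAIMS)):
        _, claims = decode_jwt(_make_demo_token(c))
        print(label, "->", identify_user(claims, AUD, DEMO_NOW))
```

Run as a script it shows the first token resolving to no user and the second to ("upn", ...). On the ADFS side the difference between the two is an issuance transform rule on the relying party trust that emits UPN and email from Active Directory; without it, nothing the service does with the token can recover who logged in.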