Added ADFS Provider

docs/docs/configuration/alpha_config.md

@@ -101,6 +101,16 @@ You must remove these options before starting OAuth2 Proxy with `--alpha-config`
 ## Configuration Reference
 <!--- THIS FILE IS AUTOGENERATED!!! DO NOT EDIT!!! -->
 
+### ADFSOptions
+
+(**Appears on:** [Provider](#provider))
+
+
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `skipScope` | _bool_ | Skip adding the scope parameter in login request<br/>Default value is 'false' |
+
 ### AlphaOptions
 
 AlphaOptions contains alpha structured configuration options.
@@ -284,6 +294,7 @@ Provider holds all configuration for a single provider
 | `clientSecretFile` | _string_ | ClientSecretFile is the name of the file<br/>containing the OAuth Client Secret, it will be used if ClientSecret is not set. |
 | `keycloakConfig` | _[KeycloakOptions](#keycloakoptions)_ | KeycloakConfig holds all configurations for Keycloak provider. |
 | `azureConfig` | _[AzureOptions](#azureoptions)_ | AzureConfig holds all configurations for Azure provider. |
+| `ADFSConfig` | _[ADFSOptions](#adfsoptions)_ | ADFSConfig holds all configurations for ADFS provider. |
 | `bitbucketConfig` | _[BitbucketOptions](#bitbucketoptions)_ | BitbucketConfig holds all configurations for Bitbucket provider. |
 | `githubConfig` | _[GitHubOptions](#githuboptions)_ | GitHubConfig holds all configurations for GitHubC provider. |
 | `gitlabConfig` | _[GitLabOptions](#gitlaboptions)_ | GitLabConfig holds all configurations for GitLab provider. |
@@ -297,7 +308,7 @@ Provider holds all configuration for a single provider
 | `loginURL` | _string_ | LoginURL is the authentication endpoint |
 | `redeemURL` | _string_ | RedeemURL is the token redemption endpoint |
 | `profileURL` | _string_ | ProfileURL is the profile access endpoint |
-| `resource` | _string_ | ProtectedResource is the resource that is protected (Azure AD only) |
+| `resource` | _string_ | ProtectedResource is the resource that is protected (Azure AD and ADFS only) |
 | `validateURL` | _string_ | ValidateURL is the access token validation endpoint |
 | `scope` | _string_ | Scope is the OAuth scope specification |
 | `prompt` | _string_ | Prompt is OIDC prompt |

docs/docs/configuration/auth.md

@@ -9,6 +9,7 @@ Valid providers are :
 
 - [Google](#google-auth-provider) _default_
 - [Azure](#azure-auth-provider)
+- [ADFS](#adfs-auth-provider)
 - [Facebook](#facebook-auth-provider)
 - [GitHub](#github-auth-provider)
 - [Keycloak](#keycloak-auth-provider)
@@ -88,6 +89,21 @@ Note: The user is checked against the group members list on initial authenticati
 
 Note: When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the [redis session storage](sessions.md#redis-storage) should resolve this.
 
+### ADFS Auth Provider
+
+1. Open the ADFS administration console on your Windows Server and add a new Application Group
+2. Provide a name for the integration, select Server Application from the Standalone applications section and click Next
+3. Follow the wizard to get the client-id, client-secret and configure the application credentials
+4. Configure the proxy with
+
+```
+   --provider=adfs
+   --client-id=<application ID from step 3>
+   --client-secret=<value from step 3>
+```
+
+Note: When using the ADFS Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the [redis session storage](sessions.md#redis-storage) should resolve this.
+
 ### Facebook Auth Provider
 
 1.  Create a new FB App from <https://developers.facebook.com/>