如何使用OAuth和Active Directory在互联网上实施单点登录
[英]How would I implement single sign on, over the internet, using both OAuth and Active Directory
问题描述
OAuth is obviously a godsend when it comes to doing single-sign on, although there are doubtless headaches involved in merging different applications' user databases, but we also have a customer requirement to support Active Directory. 
OAuth显然是进行单点登录的天赐之物,尽管合并不同应用程序的用户数据库无疑会带来很多麻烦,但是我们也有支持Active Directory的客户要求。 Can anyone suggest any suitable architectures (or indeed resources/information on the web) for having multiple websites achieve single sign on, using both OAuth and Active Directory? 谁能使用OAuth和Active Directory建议任何合适的体系结构(或者实际上是网络上的资源/信息)来使多个网站实现单点登录? It's conceivable that one domain could be set to be either one or the other, but the ideal would be that we cope with both (eg attempt AD auth and fallback to OAuth if not, perhaps?). 可以将一个域设置为另一个域,这是可以想象的,但是理想的情况是我们同时处理这两个域(例如,尝试AD身份验证,如果没有,则回退到OAuth吗?)。
We're a primarily Java-based development house, with rich-client web front-ends. 我们是一家主要基于Java的开发机构,具有富客户端Web前端。 We do use EC2 for some of our apps, but also host on our own servers. 我们确实将EC2用于某些应用程序,但也托管在我们自己的服务器上。 Ideally any solution would not care about the location of the application itself. 理想情况下,任何解决方案都不关心应用程序本身的位置。
All suggestions and opinions welcome. 欢迎所有建议和意见。
1 个解决方案
解决方案1
1 已采纳 2013-11-11 19:46:23
You might consider some form of identity federation using SAML-P or WS-Federation. 您可能考虑使用SAML-P或WS-Federation的某种形式的身份联合。
ADFS in Server 2012 R2 comes with OAuth2 support. Server 2012 R2中的ADFS带有OAuth2支持。 Or you could look into AuthorizationServer . 或者,您可以查看AuthorizationServer 。
But it might be worth reading this , first. 但它可能是值得一读此 ,第一。 Good luck! 祝好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.