在 Azure AAD oauth 身份验证中使用 saml 令牌
[英]Using saml tokens in Azure AAD oauth authentication
问题描述
I have an application that authenticates users agains Azure AD using OAuth and I want to provide the ability to setup certain information associated to each user by his admin in Azure AD, so I can read it as part of the authentication process.
我有一个应用程序,它使用 OAuth 再次对用户进行 Azure AD 身份验证,我希望能够让管理员在 Azure AD 中设置与每个用户关联的某些信息,以便我可以在身份验证过程中读取它。 I would also like to be able to use the claims functionality provided by Azure ActiveDirectory so the admin can define custom mappings between user attributes in his AD and what I am going to read, as explained here .我也想能够使用由Azure的ActiveDirectory中提供的索赔功能,使管理员可以定义他的广告和我所要读的用户属性之间的自定义映射,如解释在这里。
Apparently those claims can only be read from a SAML token that would be the result of a SAML authentication, but since I am already authenticating using OAuth I would like to avoid having to do that.显然,这些声明只能从 SAML 身份验证的结果的 SAML 令牌中读取,但由于我已经使用 OAuth 进行身份验证,因此我想避免这样做。 My question therefore is: can those SAML tokens or the information contained in them be obtained somehow either as part of the OAuth authentication process or afterwards?因此,我的问题是:这些 SAML 令牌或其中包含的信息是否可以作为 OAuth 身份验证过程的一部分或之后以某种方式获得?
1 个解决方案
解决方案1
1 2017-01-19 18:24:01
When you say "provided by ActiveDirectory" you mean Azure AD not on-premises AD?当您说“由 ActiveDirectory 提供”时,您的意思是 Azure AD 不是本地 AD?
There is no way currently to add claims to the token in Azure AD.目前无法向 Azure AD 中的令牌添加声明。 They are "canned".它们是“罐头”。
That link you refer to is for SaaS application in Azure.您引用的该链接适用于 Azure 中的 SaaS 应用程序。
The way to get information out of Azure AD is via the Graph API.从 Azure AD 获取信息的方法是通过 Graph API。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.