
Office 365 Single Sign On integration

We have integrated login with Office 365 into our system and encountered an issue. When users try to sign up from a school domain, we are able to create only one account. All accounts from one domain have the same account ID and we are unable to tell them apart. For example, we receive the same account ID for the alice@sample.com and bob@sample.com email addresses. A big problem we currently have is that after alice@sample.com signs up and the account is created, when bob@sample.com tries to sign up, he is logged into Alice's account. The mechanism we are using for Microsoft SSO is absolutely the same as the one we use with Google, Edmodo or other SSO providers. How can we address this?

We are using OAuth2. For all email addresses in the same domain, we receive the same officeID.

```php
// Exchange the authorization code for tokens.
$jsonResponse = oAuthService::getTokenFromAuthCode($auth_code, $redirectUri);

// $decodedAccessTokenPayload is the base64url-decoded payload segment of the
// access token; the decoding step itself is not shown in the post.
$jsonAccessTokenPayload = json_decode($decodedAccessTokenPayload, true);

// The account identifier is taken from the tid claim.
$officeId = $jsonAccessTokenPayload['tid'];
```

tid is the tenant ID. It is intended to be identical for different users in the same Azure AD tenant.

You probably want to use the oid value (Object ID). That is unique and immutable for each user in the tenant.

You could combine the two to get a tenant identifier along with the user's object ID.

All the JWT token and claim values are explained on this page.
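The following is an added example that is not part of the question or the answer above. It decodes the payload of a JWT, derives the per-user key the answer recommends (tid plus oid), and shows why keying on tid alone merges every user of one tenant into the same account. It assumes the claims are read from the OpenID Connect id_token (Azure AD issues the access token for the resource API, so user identity should be taken from the id_token) and that the token's signature has already been validated against Azure AD's signing keys; the helper names, the tenant and object GUIDs and the two sample tokens are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not code from the original post. Assumes the id_token's
// signature was already verified. All identifiers below are made up.

function base64UrlDecode(string $data): string
{
    $padded = $data . str_repeat('=', (4 - strlen($data) % 4) % 4);
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new InvalidArgumentException('invalid base64url segment');
    }
    return $decoded;
}

// Return the payload claims of a compact JWT (header.payload.signature).
// Signature checking is out of scope here; never trust claims from a token
// whose signature has not been verified.
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWS');
    }
    return json_decode(base64UrlDecode($parts[1]), true, 512, JSON_THROW_ON_ERROR);
}

// Stable per-user account key: tenant ID plus the user's object ID.
// Both claims must be present and non-empty, otherwise refuse the login.
function accountKey(array $claims): string
{
    foreach (['tid', 'oid'] as $name) {
        if (!isset($claims[$name]) || !is_string($claims[$name]) || $claims[$name] === '') {
            throw new RuntimeException("missing $name claim");
        }
    }
    return $claims['tid'] . ':' . $claims['oid'];
}

// Build an unsigned sample token with the given claims. Constructed input
// only: a real Azure AD id_token carries an RS256 signature.
function sampleToken(array $claims): string
{
    $enc = fn(array $p): string => rtrim(strtr(base64_encode(json_encode($p)), '+/', '-_'), '=');
    return $enc(['alg' => 'none', 'typ' => 'JWT']) . '.' . $enc($claims) . '.';
}

// Two users from the same school tenant (hypothetical GUIDs).
$tenant = '11111111-1111-1111-1111-111111111111';
$alice = sampleToken(['tid' => $tenant, 'oid' => 'aaaaaaaa-0000-0000-0000-000000000001', 'preferred_username' => 'alice@sample.com']);
$bob   = sampleToken(['tid' => $tenant, 'oid' => 'bbbbbbbb-0000-0000-0000-000000000002', 'preferred_username' => 'bob@sample.com']);

// Sign-up keyed on tid:oid creates one account per user.
$accounts = [];
foreach ([$alice, $bob] as $token) {
    $claims = jwtClaims($token);
    $key = accountKey($claims);
    if (!isset($accounts[$key])) {
        $accounts[$key] = $claims['preferred_username'];
    }
    echo $claims['preferred_username'] . ' -> ' . $key . "\n";
}

// Keying on tid alone, as in the question, collapses both users into one key.
$byTenant = array_unique(array_map(fn(string $t): string => jwtClaims($t)['tid'], [$alice, $bob]));
echo count($accounts) . ' account(s) keyed on tid:oid, ' . count($byTenant) . " keyed on tid alone\n";
```

The loop stores two accounts because the composite key differs for Alice and Bob even though their tid is identical, which is exactly the collision the question describes. Note that the sub claim is also unique per user, but Azure AD scopes it to the application, so oid is the right choice if the same user must be recognised across several of your apps; and the lookup must never fall back to tid (or to an email address, which can be reassigned) when oid is absent.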

Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you reproduce them, please credit this site or the original URL. For any questions contact yoyou2525@163.com.

Guangdong ICP filing no. 18138465  © 2020-2024 STACKOOM.COM