[英]Azure AD Authentication with existing application
I have got an existing application for which the customers want to enable Azure AD authentication. 我有一个现有的应用程序,客户想要为其启用Azure AD身份验证。 What I cannot understand is how to create an association between the existing application users, and the correspondent Azure user.
我无法理解的是如何在现有应用程序用户和对应的Azure用户之间创建关联。
I have seen that once the user is authenticated with Azure, the application gets a UserInfo object that contains info such as GivenName, FamiliName,... but those are not enough to identify the user in the existing application. 我已经看到,一旦用户通过Azure进行身份验证,该应用程序就会获得一个UserInfo对象,该对象包含诸如GivenName,FamiliName等信息,但是这些信息不足以在现有应用程序中标识该用户。
It will be good if the customer could associate themselves the Azure users to the existing application username (for instance), and then somehow the application could retrieve this information after the Azure authentication. 如果客户可以将自己的Azure用户关联到现有的应用程序用户名(例如),然后以某种方式应用程序可以在Azure身份验证之后检索此信息,那将是很好的。 Do you have any tip to point in a possible approach for this issue?
您是否有任何技巧指出解决此问题的可能方法?
Azure Active Directory supports following protocols for authentication : Azure Active Directory支持以下身份验证协议:
cf. 比照 https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-protocols
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-protocols
By configuring application registration in Azure AD you can add to authentication token different claims mapped to user attributes (ie SAML claims : https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization ) 通过在Azure AD中配置应用程序注册,您可以向身份验证令牌添加映射到用户属性的不同声明(即SAML声明: https : //docs.microsoft.com/zh-cn/azure/active-directory/develop/active-directory- saml-claims-customization )
If you need to preprovision users in application from Azure AD you can use SCIM protocol : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/use-scim-to-provision-users-and-groups 如果需要在Azure AD的应用程序中预先配置用户,则可以使用SCIM协议: https ://docs.microsoft.com/zh-cn/azure/active-directory/manage-apps/use-scim-to-provision-users -and-组
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.