How Do I Add More Claims to the Identity Token in ADFS Using ADAL Libraries?
This may be a simple question but I'm pretty new to ADFS, but I'm using ADAL Libraries for ADFS and I'm wondering if I can get claims to show up in the short-lived identity token as opposed to the accessToken.
I have this code:
var authContext = new AuthenticationContext(authority, false);
var authResult = await authContext.AcquireTokenAsync(resourceURI, clientID, new Uri(clientReturnURI), new PlatformParameters(PromptBehavior.Auto));
And the authResult gives me two tokens: the accessToken and the IdToken, and all the claims I've set in ADFS show up in the accessToken. But I wanted the accessToken to only include an identifier like a GUID (to keep it small), and keep information about the user (name, email, etc.) in an IdToken.
If you are using ADFS 2016 then you can look at "Customize claims to be emitted in id_token when using OpenID Connect or OAuth with AD FS 2016", as ADFS 2016 has the capability to customize the id_token for OpenID Connect scenarios. You can see these additional claims as part of id_token using the same code to access claims.
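To confirm which claims AD FS placed in each token after such a change, the two tokens can be decoded and compared. This is an added example, not part of the original question or answer; the class and helper names are hypothetical, the sample tokens are constructed, and it assumes System.Text.Json is available (built in on .NET Core 3.0+, a NuGet package on .NET Framework).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenClaimDiff
{
    // Decode the payload (middle segment) of a compact JWT. The signature is NOT
    // verified: this is for inspecting what AD FS issued, not for authorization.
    static Dictionary<string, JsonElement> Payload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        return JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json);
    }

    // Claim names that appear in the first token but not in the second.
    public static List<string> OnlyIn(string jwt, string other) =>
        Payload(jwt).Keys.Except(Payload(other).Keys).OrderBy(k => k).ToList();

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds a constructed, unsigned sample token so the example runs offline.
    static string Sample(string payloadJson) =>
        B64Url("{\"alg\":\"none\"}") + "." + B64Url(payloadJson) + ".constructed-signature";

    static void Main()
    {
        // Constructed payloads; with ADAL pass authResult.IdToken / authResult.AccessToken instead.
        var idToken = Sample("{\"sub\":\"00000000-0000-0000-0000-000000000001\",\"aud\":\"client\",\"upn\":\"alice@example.test\",\"email\":\"alice@example.test\"}");
        var accessToken = Sample("{\"sub\":\"00000000-0000-0000-0000-000000000001\",\"aud\":\"resource\",\"scp\":\"openid\"}");

        Console.WriteLine("id_token only:     " + string.Join(", ", OnlyIn(idToken, accessToken)));
        Console.WriteLine("access_token only: " + string.Join(", ", OnlyIn(accessToken, idToken)));
        Console.WriteLine($"sizes (chars): id_token={idToken.Length}, access_token={accessToken.Length}");
    }
}
```

User attributes listed under "access_token only" are still being sent to the resource API on every call, which is the case the question wanted to avoid.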