
Behavior of B2C SSO for multiple applications

We need to support SSO for multiple applications within the same Azure B2C tenant. Azure B2C supports this and I have configured my relying party custom policies accordingly.

My custom policies have a journey step in which additional information about the user is validated against an API. When this validation fails, an error is thrown and the JWT token is not issued for that user journey. This user journey works, but has issues with SSO:

After the user has signed in successfully to application A, he tries to sign in to application B. When validation of the user information is successful, the user is signed in to application B.

When the validation step in the custom policy for application B fails, however, an error is passed to the application without issuing a JWT token.

What happens in the latter case is that the SSO (x-ms-cpim-sso) cookie is removed, too, and the user is in fact signed out from all applications, including application A, and SSO no longer works. The user has to sign in to application A again.

I tried changing the underlying technical profile from using Web.TPEngine.SSO.NoopSSOSessionProvider to Web.TPEngine.SSO.DefaultSSOSessionProvider, but then the user is signed in to application B without any validation errors, while he should not be signed in.

Is there any way to control this behaviour, such that the user stays signed in with B2C after successfully signing in to application A, but is not issued a token for application B when one of the policies fails to execute normally?

I just had the same requirement and solved it by changing the SSO Azure AD B2C session behavior to Application:

<UserJourneyBehaviors>
   <SingleSignOn Scope="Application" />
</UserJourneyBehaviors>

This setting allows you to maintain a user session exclusively for an application, independent of other applications. For example, you can use this setting if you want the user to sign in to Contoso Pharmacy regardless of whether the user is already signed in to Contoso Groceries.

Further reading: Configure Azure AD B2C session behavior
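For context, here is the `SingleSignOn` element in its place inside a complete relying party policy file. This is an added example, not code from the question or the answer above; the tenant name, policy IDs, journey name and output claims are placeholders in the shape of the Microsoft custom policy starter pack, so substitute your own. The default tenant-wide scope is shown as a comment beside the `Application` scope the answer recommends, so the two settings can be compared in one place.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!-- Added example: a relying party policy file (one per application) with per-application SSO scope.
     TenantId, PolicyId, BasePolicy and claim names are placeholders, not values from the page. -->
<TrustFrameworkPolicy
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="contoso.onmicrosoft.com"
  PolicyId="B2C_1A_AppB_SignUpSignIn"
  PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_AppB_SignUpSignIn">

  <!-- Inherits the user journeys (including the API validation step) from the extensions file. -->
  <BasePolicy>
    <TenantId>contoso.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />

    <UserJourneyBehaviors>
      <!-- Default (tenant-wide) behaviour: one shared B2C session for every application.
           A failed journey for application B clears that shared session, as the question describes:
           <SingleSignOn Scope="Tenant" /> -->

      <!-- Per-application session: application B gets its own B2C session, so a failed
           validation in this policy does not sign the user out of application A. -->
      <SingleSignOn Scope="Application" />

      <!-- Session lifetime settings (placeholders; adjust to your own requirements). -->
      <SessionExpiryType>Rolling</SessionExpiryType>
      <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
    </UserJourneyBehaviors>

    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

Because `UserJourneyBehaviors` lives in the relying party file, each application's policy can choose its own scope; the trade-off is that with `Application` scope a user who is already signed in to application A is prompted to authenticate again for application B, since the two no longer share a session.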
