Requesting Token from ADFS with AD Group Membership Info
I have a REST client application and I want to be able to get an access token from the ADFS /token endpoint for that client. The client will be used by existing AD Users, and I want to get the Group Membership of the AD User in the access token.
How can I send my AD User Credentials to ADFS and get the AD Group Membership Info of that AD User in the access token as claims?
I know the solution for the case of "/authorize endpoint and entering the credentials in the login popup". What I am asking is how to do that with a client app where the credentials should be somehow encoded and sent to the ADFS /token endpoint.
You should review https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios as that has details of the supported flows and samples for those scenarios.
What you are asking to do is the Resource owner password credential flow and is not recommended. https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios#resource-owner-password-credentials-grant-flow-not-recommended
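The shape of the password-grant request the answer names, and how a client can read group claims from the returned token, as an added example that is not part of the original question or answer. The host, client id, resource, credentials, the sample token and the claim name `group` are constructed assumptions; the claim name depends on the issuance rules configured in ADFS.

```python
import base64
import json
from urllib.parse import urlencode


def build_ropc_request(adfs_host, client_id, resource, username, password):
    """Build (url, headers, body) for a password-grant POST. Nothing is sent."""
    url = f"https://{adfs_host}/adfs/oauth2/token"
    body = urlencode({
        "grant_type": "password",   # resource owner password credentials grant
        "client_id": client_id,
        "resource": resource,       # the API the token is requested for
        "username": username,
        "password": password,       # travels in the POST body, so TLS is mandatory
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def group_claims(access_token, claim_name="group"):
    """Read the group claim from a JWT payload WITHOUT verifying the signature.

    For client-side inspection only; the API receiving the token must validate
    signature, issuer and audience before trusting any claim.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    value = json.loads(_b64url_decode(parts[1])).get(claim_name, [])
    # A single group may arrive as a plain string, several as a list.
    return [value] if isinstance(value, str) else list(value)


def make_sample_token(payload):
    """Constructed, unsigned stand-in for a token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.constructed-signature"


SAMPLE_TOKEN = make_sample_token(
    {"upn": "alice@example.test", "group": ["App-Readers", "App-Admins"]})

if __name__ == "__main__":
    print(build_ropc_request("adfs.example.test", "constructed-client-id",
                             "https://api.example.test", "alice@example.test",
                             "constructed-password"))
    print(group_claims(SAMPLE_TOKEN))
```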