IBM APP ID with ADFS using windows integrated authentication WIA

I need help with the APP ID service in IBM Cloud.

I have a configuration with a Loopback application residing in IBM Cloud which uses the APP ID service to perform SSO automated login.

APP ID service is configured with one identity provider:

SAML 2.0 Federation

SAML Federation is configured to work with ADFS, which I have set up with an Azure virtual machine for test, and our customers production ADFS.

The solution works and my SSO request is relayed:

> APP ID > ADFS

and authentication is performed and I can log in to the system.

Problem:

The problem is that ADFS is always using the Form-based Authentication, but I need to use the Windows Integrated Authentication, i.e. the customer, when logged in to the corporate network, is never asked for credentials.

I have, together with the ADFS administrator, troubleshot the Windows side and cannot see any irregularities.

Questions:

  1. Does APP ID service support Windows Integrated Authentication and what can I do to enable it?
  2. How to troubleshoot the workings of APP ID service, logs, etc.

You can customize the AuthnContext using the management API -

https://<region-endpoint>.appid.cloud.ibm.com/swagger-ui/#/Management%20API%20-%20Identity%20Providers/mgmt.set_saml_idp

urn:federation:authentication:windows is currently not supported. However, you can try updating the authnContext to either urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified or just an empty object ( "authnContext": {} )

In my experience, it works for me by updating with an empty object.

Ref Managing App ID with the API: https://cloud.ibm.com/docs/appid?topic=appid-manging-api
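
For the troubleshooting question, one way to confirm the effect of an authnContext change is to inspect the SAMLRequest value that the browser carries from App ID to ADFS and see whether it still contains a RequestedAuthnContext. This is an added example, not code from the posts above or from IBM; the function names are hypothetical, the sample requests are constructed, and it assumes the authnContext setting is what populates that element.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value: str) -> bytes:
    """Turn a captured SAMLRequest parameter value into XML bytes."""
    raw = base64.b64decode(unquote(value))
    if raw.lstrip().startswith(b"<"):
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE

def requested_authn_context(value: str) -> dict:
    """Report the RequestedAuthnContext carried by an AuthnRequest, if any."""
    # Parse only requests you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(decode_saml_request(value))
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return {"present": False, "comparison": None, "classes": []}
    refs = rac.findall("saml:AuthnContextClassRef", NS)
    return {"present": True,
            "comparison": rac.get("Comparison", "exact"),  # SAML default is "exact"
            "classes": [(r.text or "").strip() for r in refs]}

def sample_request(classes, redirect=True) -> str:
    """Constructed AuthnRequest for the demo (not captured from App ID)."""
    rac = ""
    if classes:
        refs = "".join(f"<saml:AuthnContextClassRef>{c}</saml:AuthnContextClassRef>" for c in classes)
        rac = f'<samlp:RequestedAuthnContext Comparison="exact">{refs}</samlp:RequestedAuthnContext>'
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="_constructed" Version="2.0">{rac}</samlp:AuthnRequest>').encode()
    if redirect:
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        xml = c.compress(xml) + c.flush()
    return base64.b64encode(xml).decode()

if __name__ == "__main__":
    pinned = sample_request(["urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"])
    print(requested_authn_context(pinned))
    print(requested_authn_context(sample_request([])))   # empty authnContext
```

Run it against the value captured before and after the management API update; a result with "present": False means the request no longer pins an authentication class.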
