IBM APP ID with ADFS using Windows integrated authentication (WIA)
I need help with the APP ID service in IBM Cloud.
I have a configuration with a Loopback application residing in IBM Cloud which uses the APP ID service to perform SSO automated login.
APP ID service is configured with one identity provider:
SAML 2.0 Federation
SAML Federation is configured to work with ADFS, which I have set up with an Azure virtual machine for test and our customer's production ADFS.
The solution works and my SSO request is relayed:
> APP ID > ADFS
and authentication is performed and I can log in to the system.
Problem:
The problem is that ADFS is always using Form-based Authentication, but I need to use Windows Integrated Authentication, i.e. the customer, when logged in to the corporate network, is never asked for credentials.
Together with the ADFS administrator, I have troubleshot the Windows side and cannot see any irregularities.
Questions:
You can customize the AuthnContext using the management API - https://<region-endpoint>.appid.cloud.ibm.com/swagger-ui/#/Management%20API%20-%20Identity%20Providers/mgmt.set_saml_idp
urn:federation:authentication:windows is currently not supported. However, you can try updating the authnContext to either urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified or just an empty object ( "authnContext": {} )
In my experience, it works for me by updating with an empty object.
Ref: Managing App ID with the API: https://cloud.ibm.com/docs/appid?topic=appid-manging-api
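An added example (not part of the original answer and not IBM's code): to confirm that an authnContext change took effect, decode the SAMLRequest that App ID relays to ADFS, copied from a browser network trace, and list the RequestedAuthnContext classes it demands. The function names are hypothetical and both sample requests are constructed, not captured from App ID or ADFS.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size; an AuthnRequest is a few KB

def decode_saml_request(value):
    """URL-decoded SAMLRequest -> XML bytes (POST: base64; Redirect: base64 + raw DEFLATE)."""
    raw = base64.b64decode(value, validate=True)
    if raw[:1] != b"<":  # not plain XML, so treat as raw DEFLATE (Redirect binding)
        inflater = zlib.decompressobj(-15)
        raw = inflater.decompress(raw, MAX_XML)
        if inflater.unconsumed_tail:
            raise ValueError("inflated SAMLRequest exceeds size cap")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SAMLRequest refused")  # no entity expansion
    return raw

def requested_authn_context(value):
    """Report which authentication context classes the AuthnRequest demands."""
    root = ET.fromstring(decode_saml_request(value))
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:  # nothing requested: the IdP picks the method itself
        return {"present": False, "comparison": None, "classes": []}
    refs = rac.findall("saml:AuthnContextClassRef", NS)
    # SAML core: Comparison defaults to "exact" when the attribute is omitted
    return {"present": True, "comparison": rac.get("Comparison", "exact"),
            "classes": [r.text.strip() for r in refs if r.text]}

def redirect_encode(xml):
    """Helper for the constructed samples: raw DEFLATE then base64."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

# Constructed samples, not captured from App ID or ADFS.
HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
        'Version="2.0">' % (NS["samlp"], NS["saml"]))
PINNED = redirect_encode(
    HEAD + '<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext></samlp:AuthnRequest>')
OPEN = base64.b64encode((HEAD + "</samlp:AuthnRequest>").encode()).decode()

if __name__ == "__main__":
    print("pinned:", requested_authn_context(PINNED))
    print("open:  ", requested_authn_context(OPEN))
```

A request that still lists a class with Comparison "exact" means the identity provider is being asked for that specific method; a request with no RequestedAuthnContext leaves the choice to ADFS.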