
Is it possible to redirect authenticated Azure AD users (by ROPC) to Microsoft Teams?

I have been working on the development of a portal for a long time, and one of the important modules of this portal is that it can log in to 3rd party systems without asking for a username/password. It can be called a simple SSO.

At this point, I am trying to do this for Microsoft Teams :) I have user management authority in Azure AD, so I developed it with the ROPC user flow. I successfully get a token, but I could not find any document on how to redirect the user to the Microsoft Teams page. Is it possible to do this or not?

Thank you in advance for your help.

ROPC only supports a sign-in flow. When using the ROPC flow with other flows (Microsoft Teams), there won't be single sign-on; you will just be using the token endpoint. We would recommend that you use other flows if there are any specific requirements with Teams using the Microsoft Graph API. And with regard to native app SSO, using ROPC will not exhibit SSO across apps. Native app SSO using MSAL or any library that can allow cookie sharing across apps will support SSO.

Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

ROPC involves user credentials, while client creds are application credentials. More damage can be done if a user identity gets stolen. If an app identity gets stolen, you can't easily exploit it the same way as a user.

Please refer to this doc if you are looking to develop an SSO Microsoft Teams tab.
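The difference the answer describes, as an added example that is not part of the original post: ROPC puts the user's password in the app's own POST to the token endpoint, while an authorization code redirect with PKCE sends the browser to Azure AD, where the sign-in session that other apps can reuse is established. The authorization code flow is an assumed choice for "other flows"; tenant, client ID, redirect URI and account values are constructed placeholders, and nothing is sent over the network.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"

def ropc_token_request(tenant, client_id, username, password, scope):
    """ROPC: the app collects the password and POSTs it to /token.
    The browser never visits Azure AD, so no sign-in session exists for Teams."""
    body = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password, "scope": scope}
    return AUTHORITY.format(tenant=tenant) + "/token", body

def pkce_pair():
    """RFC 7636 S256: challenge = BASE64URL(SHA256(verifier)), padding stripped."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return verifier, base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def auth_code_redirect(tenant, client_id, redirect_uri, scope, login_hint=None):
    """Authorization code + PKCE: the browser is redirected to /authorize and the
    user authenticates at Azure AD; the app only ever receives a one-time code."""
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # echoed back; compare on return (CSRF check)
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "scope": scope, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    if login_hint:  # pre-fills the account name only; never a credential
        params["login_hint"] = login_hint
    url = AUTHORITY.format(tenant=tenant) + "/authorize?" + urlencode(params)
    return url, verifier, state  # keep verifier and state server-side

def secrets_handled_by_app(fields):
    """Names of user or app secrets present in a request the app builds."""
    return sorted(k for k in fields if k in ("password", "client_secret"))

if __name__ == "__main__":
    # Constructed sample values
    tenant, client = "contoso.example", "00000000-0000-0000-0000-000000000000"
    _, body = ropc_token_request(tenant, client, "user@contoso.example",
                                 "constructed-password", "User.Read")
    url, _, _ = auth_code_redirect(tenant, client, "https://portal.example/cb",
                                   "openid profile", "user@contoso.example")
    print("ROPC request carries:", secrets_handled_by_app(body))
    print("Redirect carries:", secrets_handled_by_app(parse_qs(urlparse(url).query)))
    print(url)
```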
