堆栈内存溢出
  简体   繁体   English

使用 Azure AD 和 Microsoft Graph API 的 SSO 究竟是如何完成的?

[英]How is SSO with Azure AD and Microsoft Graph API actually done?

 原文  2022-01-11 17:23:16       .net/ azure

问题描述

I was looking into SSO with Azure AD for a customer, and Microsoft seems to push towards the new Graph API .我正在为客户研究 Azure ADSSO ,微软似乎正在推动新的Graph API

Their documentation says that if your app/website authenticates with a password, you should do password authentication with the graph api.他们的文档说,如果您的应用程序/网站使用密码进行身份验证,您应该使用图表 api 进行密码身份验证。

But when going to the api reference, they say it's not available yet .但是当去 api 参考时, 他们说它还没有

So, how would we go about it, if at all?那么,如果有的话,我们将如何处理它?
Is it possible to integrate an existing login form with Azure AD?是否可以将现有的登录表单与 Azure AD 集成?
Is it possible to auto-detect the current windows domain user to bypass the login form, like the old days with on-prem AD?是否可以自动检测当前的 windows 域用户以绕过登录表单,就像过去使用本地 AD 一样?

Thanks.谢谢。

1 个解决方案

解决方案1
 0  2022-01-17 12:32:08

Is it possible to integrate an existing login form with Azure AD?是否可以将现有的登录表单与 Azure AD 集成?

Yes it is possible to integrate an existing login form with Azure AD provided the application for which you want to configure SSO is register in your Azure AD as an enterprise application.是的,可以将现有登录表单与 Azure AD 集成,前提是您要为其配置 SSO 的应用程序已在 Azure AD 中注册为企业应用程序。

For this you will have to register the application in Azure AD.为此,您必须在 Azure AD 中注册应用程序。 For more information please refer this MSDOC: Enable single sign-on for an enterprise application有关详细信息,请参阅此 MSDOC: Enable single sign-on for an enterprise application

Is it possible to auto-detect the current windows domain user to bypass the login form, like the old days with on-prem AD?是否可以自动检测当前的 windows 域用户以绕过登录表单,就像过去使用本地 AD 一样?

Yes, Once the SSO has been configured for that enterprise application you can by-pass the login form for that application,once the user has logged into the device through which it is accessing that application.是的,一旦为该企业应用程序配置了 SSO,您就可以绕过该应用程序的登录表单,一旦用户登录到访问该应用程序的设备。 For this purpose device needs to be join with Azure AD.为此,设备需要与 Azure AD 连接。

In case if you want to configure SSO for your Application through Graph API ,Kindly refer the below link for implementation/reference:如果您想通过Graph API为您的应用程序配置 SSO,请参考以下链接以获取实现/参考:

https://docs.microsoft.com/en-us/graph/application-saml-sso-configure-api https://docs.microsoft.com/en-us/graph/application-saml-sso-configure-api

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Microsoft Graph API 在 Azure AD 中创建用户得到 500 错误 - Microsoft Graph API Create User in Azure AD gets 500 error 无法从 Microsoft 图形 API 获取 Azure AD 中存在的用户 - Cannot fetch users present in Azure AD from Microsoft graph API Azure AD Graph API $ filter不能与空格一起使用 - Azure AD Graph API $filter not working with spaces 使用图谱API访问Azure AD B2C应用程序 - Accessing Azure AD B2C Applications using Graph API 使用.Net 4.0 Web表单和Azure AD实施SSO - Implementing SSO with .Net 4.0 webforms and Azure AD 如何使用 Microsoft Graph API 更新个人资料图片 - How to Update Profile Picture with Microsoft Graph API 通过 Microsoft Graph API 创建新的 AD B2C 用户 - Creating new AD B2C user via Microsoft Graph API ASP NET API - 使用 Azure AD SAML 协议验证用户,无需打开 Microsoft 登录页面 - ASP NET API - Authenticate users using Azure AD SAML Protocol without open Microsoft Login Page AZURE AD SSO无法验证我的.NET应用程序IIS - AZURE AD SSO does not authenticate my .NET application IIS 如何将 Azure AD 和非 Azure AD 令牌添加到同一个 .NET 核心 Z72664DC1959F3B0C047C048 - How I can add both Azure AD and non Azure AD tokens to the same .NET Core Api
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM