需要帮助通过 Azure AD 获取 Azure AD B2C SSO
[英]Need help getting Azure AD B2C SSO with Azure AD
问题描述
I'm trying to set up a page with an Azure AD B2C Sign-Up and Sign-In User Flow, which will then automatically log in to Azure AD as part of the flow.
我正在尝试使用 Azure AD B2C 注册和登录用户流设置一个页面,然后它将作为流的一部分自动登录到 Azure AD。 Specifically, I'm trying to create a User Flow that will allow the user to sign in to Azure AD B2C, and automatically have them sign in to Power Apps as a consequence.具体来说,我正在尝试创建一个用户流,允许用户登录到 Azure AD B2C,并因此自动让他们登录到 Power Apps。 I'm using the following document as a guide:我使用以下文档作为指南:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-user-flow
I've confirmed the pre-requisite part is working.我已经确认先决条件部分正在工作。 On my Sign up and Sign In page, I'm able to create an account, and I'm able to log in with the account.在我的注册和登录页面上,我可以创建一个帐户,并且可以使用该帐户登录。 However, when I log in, I am not being automatically logged in to the Azure AD account as I would expect.但是,当我登录时,并没有像预期的那样自动登录到 Azure AD 帐户。
I have a whole bunch of screenshots I've taken with obfuscated data, if they would help, but I think the piece of the puzzle that likely explains the problem is this one:我有一大堆我用混淆数据拍摄的截图,如果他们有帮助的话,但我认为可能解释问题的难题是这个:
This seems pretty similar to how it is configured over on the other side of the equation:这似乎与等式另一端的配置方式非常相似:
However, there seems to be a key difference between the two.但是,两者之间似乎存在关键区别。 In the former case, I get a URL of the following format:在前一种情况下,我得到以下格式的 URL:
https://[B2CDOMAIN].b2clogin.com/[B2CDOMAIN].onmicrosoft.com/oauth2/v2.0/authorize?p=[B2CUserFlow]&[MORE QUERY STRING STUFF] https://[B2CDOMAIN].b2clogin.com/[B2CDOMAIN].onmicrosoft.com/oauth2/v2.0/authorize?p=[B2CUserFlow]&[更多查询字符串]
In the latter, my URL looks like this:在后者中,我的 URL 如下所示:
https://[B2CDOMAIN].b2clogin.com/[A GUID]/[B2CUserFlow]/oauth2/v2.0/authorize?[MUCH MORE QUERY STRING STUFF BUT NO p= ONE]. https://[B2CDOMAIN].b2clogin.com/[A GUID]/[B2CUserFlow]/oauth2/v2.0/authorize?[更多查询字符串,但没有 p=ONE]。
I don't know if this gives any indications, or if it's just a red herring.我不知道这是否给出了任何迹象,或者这只是一个红鲱鱼。 At the moment, I'm not getting any errors or anything - I'm simply not being signed in on the Azure AD side.目前,我没有收到任何错误或任何东西 - 我只是没有在 Azure AD 端登录。
1 个解决方案
解决方案1
0 2022-07-12 05:13:49
The default behaviour for this is that you have to select the AAD button to kick off the federation.默认行为是您必须选择 AAD 按钮才能启动联合。
If you want to login automatically (no button click) you have to use custom policies.如果您想自动登录(不点击按钮),您必须使用自定义策略。
So you login to your local account and then the policy takes you to AAD where you should be logged in as long as the custom policy is set up for SSO .因此,您登录到您的本地帐户,然后策略会将您带到 AAD,只要为SSO设置了自定义策略,您就应该在其中登录。
I've never done this for OIDC but I have for SAML and it works there.我从来没有为 OIDC 做过这件事,但我为 SAML 做过,它在那里工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.