
Authenticate against Windows Azure Active Directory (Web Service)

The project I'm working on is a set of web services that fetches data from a local database. The client wants to restrict access to only authorised users by validating their credentials against an Azure Active Directory.

I've taken a look at http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-users/ and a few other articles on how best to proceed with this but I can't seem to find a reliable way to do this.

I've tried to use cURL with the following XML:

<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
        <a:To s:mustUnderstand="1">https://login.windows.net/[]/saml2</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
            <o:UsernameToken>
              <o:Username>USERNAME</o:Username>
              <o:Password>PASS</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
            <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                <a:EndpointReference>
                    <a:Address>https://login.windows.net/[]/saml2</a:Address>
                </a:EndpointReference>
            </wsp:AppliesTo>
            <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
            <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
            <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
        </trust:RequestSecurityToken>
    </s:Body>
</s:Envelope>

and the cURL command

curl https://login.windows.net/[]/saml2 --data @tmp.xml  -H "Content-Type:application/soap+xml" -v

I keep getting "Not a valid saml2 request". Is there a way to do this via cURL? What would be the best way to do this authentication without having to redirect the user to a login page?

For anyone else having this problem (and being completely new to SAML2), please check out SimpleSAMLphp. I had my service running in a few minutes.

Note: This requires the application to be authorised as a service provider with Azure. And if you have any issues with your registered application not being in Test Authentication sources, make sure your metadata key name is correct.
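
The `/saml2` endpoint implements the SAML 2.0 browser sign-on protocol, so it expects a deflated, base64-encoded `AuthnRequest` in a `SAMLRequest` query parameter rather than a SOAP envelope; a service-provider library such as SimpleSAMLphp builds this for you. The sketch below is an added example, not code from the original post or from SimpleSAMLphp, and the tenant, entity ID and ACS URL are placeholder assumptions.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import urlencode
from xml.sax.saxutils import escape, quoteattr

# Placeholders (assumptions): substitute your tenant and registered SP values.
IDP_SSO_URL = "https://login.windows.net/TENANT-ID/saml2"
SP_ENTITY_ID = "https://sp.example.test/metadata"
SP_ACS_URL = "https://sp.example.test/acs"


def build_authn_request(request_id=None, issue_instant=None):
    """Return a minimal unsigned SAML 2.0 AuthnRequest as an XML string."""
    # ID is an xs:ID, so it must not start with a digit.
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID={quoteattr(request_id)} Version="2.0" '
        f'IssueInstant={quoteattr(issue_instant)} '
        f'Destination={quoteattr(IDP_SSO_URL)} '
        f'AssertionConsumerServiceURL={quoteattr(SP_ACS_URL)} '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{escape(SP_ENTITY_ID)}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: no zlib header
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    return base64.b64encode(raw).decode("ascii")


def decode_redirect(value):
    """Inverse of encode_redirect, useful for inspecting a captured request."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def redirect_url(xml, relay_state="/"):
    """URL the browser is sent to; urlencode percent-encodes '+', '/' and '='."""
    query = urlencode({"SAMLRequest": encode_redirect(xml), "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"


if __name__ == "__main__":
    print(redirect_url(build_authn_request()))
```

The identity provider answers by posting a signed assertion to the ACS URL, and the service provider must validate that signature before trusting the user's identity.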
