
How to make Azure AD use SAML2

I want to be able to use Azure AD with SAML2.

To my understanding, Azure AD will work as the IdP while I will host the STS myself.

I have already set my application up to use Azure AD and SAML on their own. However, combining the two seems to cross some wires.

In my application's web.config, I have the following XML, which has worked with SAML:

  <sustainsys.saml2 entityId="https://saml-dc.qa.mycompany.com/Saml2/Acs" expectSignatureInXml="false" returnUrl="https://saml-dc.qa.mycompany.com" minIncomingSigningAlgorithm="SHA256" authenticateRequestSigningBehavior="Never">
    <metadata cacheDuration="0:0:42" validDuration="7.12:00:00" wantAssertionsSigned="false">
      <requestedAttributes>
        <add name="Minimal" />
      </requestedAttributes>
    </metadata>
    <identityProviders>
      <add entityId="https://sts.windows.net/86e70697-498c-45e7-862a-c66e65ed3864/" signOnUrl="https://login.microsoftonline.com/86e70697-498c-45e7-862a-c66e65ed3864/saml2" allowUnsolicitedAuthnResponse="false" binding="HttpRedirect" loadMetadata="true" metadataLocation="https://login.microsoftonline.com/86e70697-498c-45e7-862a-c66e65ed3864/federationmetadata/2007-06/federationmetadata.xml?appid=9a8b9faf-9f86-4e98-806c-9c210642edec">
        <!-- <signingCertificate storeName="My" storeLocation="LocalMachine" findValue="myThumbprint" x509FindType="FindByThumbprint" /> -->
      </add>
    </identityProviders>
  </sustainsys.saml2>

I get the following error when logging in:

AADSTS700016: Application with identifier ' https://saml-dc.qa.MyCompany.com/Saml2/Acs ' was not found in the directory '86e70697-498c-45e7-862a-c66e65ed3864'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant

The "MyCompany" is a substitute.

I'm still quite new to using SAML, but I do grasp the basics of it. Please feel free to correct me if what I'm stating above is unclear or erroneous.
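One offline check a practitioner would run against the fragment above, as an added example that is not part of the question or of Sustainsys.Saml2: it parses the sustainsys.saml2 element together with an IdP metadata document (constructed here in the shape of the Azure AD federation metadata, not a real download) and reports where the configured IdP entityId and signOnUrl disagree with it. It also returns the SP entityId, which is sent as the AuthnRequest Issuer and is the string AADSTS700016 quotes when the tenant has no application registered under that Identifier.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Trimmed copy of the web.config fragment from the question.
SP_CONFIG = """<sustainsys.saml2 entityId="https://saml-dc.qa.mycompany.com/Saml2/Acs"
    returnUrl="https://saml-dc.qa.mycompany.com">
  <identityProviders>
    <add entityId="https://sts.windows.net/86e70697-498c-45e7-862a-c66e65ed3864/"
         signOnUrl="https://login.microsoftonline.com/86e70697-498c-45e7-862a-c66e65ed3864/saml2"
         binding="HttpRedirect" loadMetadata="true" />
  </identityProviders>
</sustainsys.saml2>"""

# Constructed stand-in for the tenant's federation metadata (not a real download).
IDP_METADATA = f"""<EntityDescriptor xmlns="{MD}"
    entityID="https://sts.windows.net/86e70697-498c-45e7-862a-c66e65ed3864/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/86e70697-498c-45e7-862a-c66e65ed3864/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def expected_issuer(sp_xml: str) -> str:
    """The SP entityId goes out as the AuthnRequest <Issuer>; Azure AD resolves it
    against the application's Identifier (Entity ID). AADSTS700016 quotes exactly this
    string, so the registered value must match it character for character."""
    return ET.fromstring(sp_xml).get("entityId")


def check_config(sp_xml: str, idp_xml: str) -> list[str]:
    """Compare the <identityProviders><add> entry with the IdP metadata it names.
    Returns human-readable findings; an empty list means the two agree."""
    cfg = ET.fromstring(sp_xml).find("identityProviders/add")
    idp = ET.fromstring(idp_xml)
    findings = []
    if cfg.get("entityId") != idp.get("entityID"):
        findings.append(f"IdP entityId {cfg.get('entityId')!r} differs from "
                        f"metadata entityID {idp.get('entityID')!r}")
    # binding="HttpRedirect" means signOnUrl must be the HTTP-Redirect SSO endpoint.
    sso = idp.find(f"{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService[@Binding='{REDIRECT}']")
    location = sso.get("Location") if sso is not None else None
    if location != cfg.get("signOnUrl"):
        findings.append(f"signOnUrl {cfg.get('signOnUrl')!r} differs from "
                        f"metadata HTTP-Redirect location {location!r}")
    return findings


if __name__ == "__main__":
    print("Issuer the tenant must have registered:", expected_issuer(SP_CONFIG))
    print(check_config(SP_CONFIG, IDP_METADATA) or "config and metadata agree")
```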

Yes, you can, via a custom SAML connection.

Here's an example using ADFS.
