使用Azure AD的工作日SSO：移动应用程序登录重定向URL和超时重定向URL？ [英] Workday SSO with Azure AD: Mobile App Login Redirect URL and Timeout Redirect URL?

问题描述

我正在尝试将Workday配置为使用Azure AD进行单点登录（SSO）。我正在遵循Microsoft的指导：

I am trying to configure Workday to use Azure AD for Single Sign-On (SSO). I am following Microsoft guidance:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/workday-tutorial

工作日有两种设置没有记录，我想要一些指导：
移动应用程序登录重定向网址和 超时重定向网址。

There are two settings on Workday that are not documented, and I would like some guidance on: Mobile App Login Redirect URL and Timeout Redirect URL.

目前，我的登录重定向网址
设置为 https://impl.workday.com/<workdayTenantName>/login-saml2.html 。这很好用。但是，当我尝试将
移动应用程序登录重定向网址设置为相同的值时，出现"无效的用户名或密码"错误。为什么会发生这种错误？移动应用程序登录重定向URL是否应与常规登录重定向URL不同？如果是这样，那么
应该是移动应用程序登录重定向URL？

Currently, my Login Redirect URL is set to https://impl.workday.com/<workdayTenantName>/login-saml2.html. This works just fine. However, when I try to set the Mobile App Login Redirect URL to the same value, I get an error of "Invalid user name or password". Why is this error happening? Should the Mobile App Login Redirect URL be different from the regular Login Redirect URL? And if so, and what should be the Mobile App Login Redirect URL?

另外，出于测试目的，我尝试设置超时重定向网址
到我们的登录重定向网址（ https://impl.workday.com/<workdayTenantName>/login-saml2.html ）和我们的
退出重定向网址（ https://login.microsoftonline.com/< azureAdTenantId> / SAML2 ）。对于登录Workday的用户，这些值似乎都不会在会话超时中产生
。什么应该是超时重定向网址？

Also, for testing purposes, I have tried setting our Timeout Redirect URL to both our Login Redirect URL (https://impl.workday.com/<workdayTenantName>/login-saml2.html) and our Logout Redirect URL (https://login.microsoftonline.com/<azureAdTenantId>/saml2). None of these values seem to result in a session timeout for a user logged into Workday. What should be the Timeout Redirect URL?

推荐答案

根据
文档 " 登录网址"需要通过
移动登录重定向网址和登录重定向网址传递。此外，Workday不支持SAML超时，您可以将签名网址作为Timed Out网址传递，这样当用户的会话超时时，它会将用户重定向回登录页面。 

As per the documentation "Sign-on URL" needs to be passed as Mobile Login Redirect URL and in Login Redirect URL. Also, Workday does not support SAML timed out and you can pass the sign url as Timed Out url such that when a user's session time out it will redirect the user back to sign in page. 

这篇关于使用Azure AD的工作日SSO：移动应用程序登录重定向URL和超时重定向URL？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！