Does Azure support dynamic RelayState?


Question

The docs for Azure cover RelayState (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-portal) as it's a fixed parameter. In the SAML world, it is used for Service Provider (SP) initiated SSO flows to allow the redirect to happen for different URLs.

The RelayState parameter in ADFS is generated according to these docs (https://social.technet.microsoft.com/wiki/contents/articles/13172.ad-fs-2-0-relaystate-generator.aspx).  Does Azure AD have similar encoding for it?  I'm unable to find any mentions of whether RelayState works the same way as it does in the ADFS setting.

Recommended answer

If you are using Relay State in SP initiated flow, it is meant to be used as an opaque identifier which is sent along with the SAML request to the STS and passed back without any modification or inspection back to the SP. 

In the IDP initiated flow, Relay State is used to redirect the user to the target resource URL. You can get more details about this in the SAML V2.0 technical description. In Azure AD, this is static as described in the article you mentioned and is used in IDP scenarios.

I am assuming that you want to send different values in Relay State along with the SAML request. If that's the case then Azure AD will send it back to the SP without any modification. If your application can use this and redirect the user then it should work.

The ADFS generator is provided to generate the encoded URL properly in IDP initiated flows. In Azure AD it's automated and follows similar encoding. 

Hope this helps.
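An added example, not part of the original answer and not Azure AD or ADFS code: one way an SP can use a dynamic RelayState in the SP-initiated flow described above while keeping the value opaque, so the IdP echoes back a random handle and the redirect target never leaves the SP. The in-memory store, function names, TTL and default landing path are assumptions for illustration; the 80-byte limit comes from the SAML 2.0 bindings specification.

```python
import secrets
import time
from urllib.parse import urlsplit

RELAY_TTL_SECONDS = 300        # assumed lifetime of a pending login
MAX_RELAYSTATE_BYTES = 80      # RelayState size limit in the SAML 2.0 bindings spec
DEFAULT_LANDING = "/"          # assumed fallback page

# Hypothetical in-memory store; a real SP would use its session store.
_pending = {}


def is_safe_local_path(target):
    """Accept only same-site absolute paths such as /reports/42?tab=1."""
    if not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def issue_relay_state(return_to, now=None):
    """Called when the SP builds the AuthnRequest; returns the opaque RelayState."""
    now = time.time() if now is None else now
    if not is_safe_local_path(return_to):
        return_to = DEFAULT_LANDING
    token = secrets.token_urlsafe(32)      # random handle, carries no URL
    if len(token.encode()) > MAX_RELAYSTATE_BYTES:
        raise ValueError("RelayState too long")
    _pending[token] = (return_to, now + RELAY_TTL_SECONDS)
    return token


def resolve_relay_state(relay_state, now=None):
    """Called at the ACS endpoint after the SAML response has been validated."""
    now = time.time() if now is None else now
    entry = _pending.pop(relay_state or "", None)   # single use
    if entry is None:
        return DEFAULT_LANDING                      # unknown or tampered value
    return_to, expires = entry
    return return_to if now <= expires else DEFAULT_LANDING
```

Because the returned RelayState is only looked up and never used as a URL, a value injected into an unsolicited or replayed response falls through to the default page instead of producing an open redirect.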

