从ADFS到ID令牌的持久身份验证上下文 [英] Persisting Authentication Context from ADFS to ID token
问题描述
大家好,
我们有一个场景,例如Azure AD B2C之类的IDP将用户重定向到Azure AD进行身份验证.
我们在Azure AD和本地ADFS之间建立了联盟信任.
用户使用"Hello for Business"登录到他们的设备. -指纹或面部认证.
我假定由ADFS生成的SAML令牌将包括Azure AD的身份验证上下文.
问题-Azure AD是否可以针对要为Azure AD B2C生成的身份令牌保留来自SAML令牌的身份验证上下文声明(例如,通过对id令牌的amr声明)?如果是,默认情况下会完成吗?
此致
Ajay
查看自定义策略,在将ADFS作为天蓝色adb2c的SAML身份添加时如何定义它>
Hi All,
We have a scenario where an IDP like Azure AD B2C redirects a user to Azure AD for authentication.
We have a federation trust between Azure AD and on-premises ADFS.
The user login to their device using "Hello for Business" - fingerprints or facial authentication.
I assume SAML token generated by ADFS will include authentication context for Azure AD.
The question - Can Azure AD persist authentication context claim from SAML token on the identity token it is going to generate for Azure AD B2C (e.g. through the amr claim on the id token)? If yes, will it be done by default?
Regards,
Ajay
See the custom policies how it is defined when adding ADFS as a SAML identity for azure adb2c
这篇关于从ADFS到ID令牌的持久身份验证上下文的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
