可以将ADFS作为OAuth2提供程序/身份验证服务器吗? [英] ADFS as OAuth2 provider / Authentication server possible?
问题描述
我们要设置ADFS 3.0以启用基于OAuth2的身份验证.我已经阅读了许多文档,但是仍不清楚是否支持.
We want to setup ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported.
是否可以将ADFS用作oauth的授权服务器,或者ADFS中对oauth2的支持仅意味着充当其他授权服务器的客户端?
Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as a client to another authorization server?
感谢您将adfs设置为oauth提供者/服务器的任何帮助.
Any help for setting up adfs as oauth provider/server is appreciated.
推荐答案
在ADFS 2012R2(又称ADFS 3.0)中,我们仅支持授权授予流程.唯一的情况是公共客户端(例如,iOS/Android/Windows上的移动应用程序)访问RESTful服务并通过JWT令牌进行授权.您可以在 https://msdn.microsoft.com/zh-CN/library/dn633593.aspx
in ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile app on iOS/Android/Windows) to access a RESTful service and authorizing via JWT tokens. You can see this at https://msdn.microsoft.com/en-us/library/dn633593.aspx
借助ADFS 2016(即将发布),您将获得Oauth/OIDC的全面支持.借助此工具,您可以构建Web应用程序,单页应用程序,API的,需要代表支持的多层应用程序系统,机密客户端(支持Windows服务帐户充当机密客户端).您可以 https: //technet.microsoft.com/zh-CN/windows-server-docs/identity/ad-fs/ad-fs-development
With ADFS 2016 (which will release imminently), you have the full Oauth/OIDC support. With this you can build web apps, single page apps, API's, multi-tiered app systems that require On-behalf-of support, confidential clients (with support for windows service accounts acting as confidential clients). You can check this out https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/ad-fs-development
这篇关于可以将ADFS作为OAuth2提供程序/身份验证服务器吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!