可以将ADFS作为OAuth2提供程序/身份验证服务器吗? [英] ADFS as OAuth2 provider / Authentication server possible?

问题描述

我们要设置ADFS 3.0以启用基于OAuth2的身份验证.我已经阅读了许多文档，但是仍不清楚是否支持.

We want to setup ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported.

是否可以将ADFS用作oauth的授权服务器，或者ADFS中对oauth2的支持仅意味着充当其他授权服务器的客户端?

Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as a client to another authorization server?

感谢您将adfs设置为oauth提供者/服务器的任何帮助.

Any help for setting up adfs as oauth provider/server is appreciated.

推荐答案

在ADFS 2012R2(又称ADFS 3.0)中，我们仅支持授权授予流程.唯一的情况是公共客户端(例如，iOS/Android/Windows上的移动应用程序)访问RESTful服务并通过JWT令牌进行授权.您可以在 https://msdn.microsoft.com/zh-CN/library/dn633593.aspx

in ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile app on iOS/Android/Windows) to access a RESTful service and authorizing via JWT tokens. You can see this at https://msdn.microsoft.com/en-us/library/dn633593.aspx

借助ADFS 2016(即将发布)，您将获得Oauth/OIDC的全面支持.借助此工具，您可以构建Web应用程序，单页应用程序，API的，需要代表支持的多层应用程序系统，机密客户端(支持Windows服务帐户充当机密客户端).您可以 https: //technet.microsoft.com/zh-CN/windows-server-docs/identity/ad-fs/ad-fs-development

With ADFS 2016 (which will release imminently), you have the full Oauth/OIDC support. With this you can build web apps, single page apps, API's, multi-tiered app systems that require On-behalf-of support, confidential clients (with support for windows service accounts acting as confidential clients). You can check this out https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/ad-fs-development

这篇关于可以将ADFS作为OAuth2提供程序/身份验证服务器吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！