Spring Boot oauth2: How to set the resource parameter in the authorization request to make adfs happy?

Problem description

I'm trying to set up a Spring Boot app that uses OAuth2 with Active Directory Federation Services as the authentication provider. I started with the tutorial here...

https://spring.io/guides/tutorials/spring-boot-oauth2/

... and got the Facebook example to work. Then, I started adapting it to work with ADFS. It is close to working, but ADFS expects a resource parameter to be passed with the authorization request and I can't figure out how to set it. Here's what I've got so far in the config...

security:
    oauth2:
        client:
            clientId: spring-boot-test-client
            userAuthorizationUri: https://domain/adfs/oauth2/authorize
            access-token-uri: https://domain/adfs/oauth2/token
            tokenName: code
            authenticationScheme: query
            clientAuthenticationScheme: form
            grant-type: authorization_code

When I click the login link, it redirects to https://domain/adfs/oauth2/authorize?client_id=spring-boot-test-client&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ

I've tried setting the security:oauth2:client:id, the security:oauth2:client:resourceids and the security:oauth2:resource:id, but none of those seemed to affect the first redirect. Any idea what I should set to get the resource included in that first redirect?

Recommended answer

Answering my own question here... It may be a hack, but I just appended the resource to the userAuthorizationUri

security:
    oauth2:
        client:
            clientId: spring-boot-test-client
            userAuthorizationUri: https://domain/adfs/oauth2/authorize?resource=RelyingPartyTrustIdentifier
            access-token-uri: https://domain/adfs/oauth2/token
            tokenName: code
            authenticationScheme: query
            clientAuthenticationScheme: form
            grant-type: authorization_code

Now, I'm getting the login form.
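
The following is an added example, not code from the original post or from Spring. It models a client merging its own parameters into a `userAuthorizationUri` that already carries `?resource=...`, and checks a redirect for the parameters the question and answer discuss. The function names `build_authorize_url` and `check_authorize_url` are hypothetical; the URLs and client values are the ones shown in the post.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameters the OAuth2 client appends itself on every authorization request.
CLIENT_MANAGED = ("client_id", "redirect_uri", "response_type", "state")


def build_authorize_url(user_authorization_uri, client_id, redirect_uri, state):
    """Merge the client's parameters into a base URI that may already carry
    a query string (here: ?resource=...), keeping the pre-set parameters."""
    parts = urlsplit(user_authorization_uri)
    preset = parse_qsl(parts.query, keep_blank_values=True)
    clash = sorted({k for k, _ in preset} & set(CLIENT_MANAGED))
    if clash:
        # A pre-set copy would end up duplicated in the redirect.
        raise ValueError(f"base URI already sets {clash}")
    params = preset + [
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),
        ("response_type", "code"),
        ("state", state),
    ]
    return urlunsplit(parts._replace(query=urlencode(params)))


def check_authorize_url(url, expected_resource):
    """Return the problems found in an authorization redirect (empty = OK)."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append("authorization endpoint is not https")
    resources = [v for k, v in query if k == "resource"]
    if resources != [expected_resource]:
        problems.append(f"resource is {resources}, expected [{expected_resource!r}]")
    for name in CLIENT_MANAGED:
        if sum(1 for k, _ in query if k == name) != 1:
            problems.append(f"{name} must appear exactly once")
    return problems


# Values from the post; the redirect without resource= is the one the question shows.
BEFORE = ("https://domain/adfs/oauth2/authorize?client_id=spring-boot-test-client"
          "&redirect_uri=http://localhost:8080/login&response_type=code&state=rjzfyZ")
AFTER = build_authorize_url(
    "https://domain/adfs/oauth2/authorize?resource=RelyingPartyTrustIdentifier",
    "spring-boot-test-client", "http://localhost:8080/login", "rjzfyZ")

if __name__ == "__main__":
    print(check_authorize_url(BEFORE, "RelyingPartyTrustIdentifier"))
    print(AFTER, check_authorize_url(AFTER, "RelyingPartyTrustIdentifier"))
```

If the relying party trust identifier is itself a URI, it has to be percent-encoded when it is appended to the configured URI so that it survives as a single `resource` value.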
