Getting the user profiles from ADFS3.0

Question

I have tried accessing the OAuth2.0 enabled ADFS 3.0 Authorization.

I was able to get the authorization code and given this, I was able to get the access tokens from the token end point.

I find that there is no end point for getting the user profile like objectGuid, email address etc, though I have given the claim rules in the Relying party trust in ADFS Servers.

Can anyone help me achieve the following? Either add objectguid or other claims to the access token claims received from the ADFS token end point (OR) to get the user profile info.

Due to the lack of documentation for ADFS 3.0, we are unable to figure out the various end points and how to get the user information from the OAuth2.0 enabled endpoints.

Recommended answer

The access token contains the user information you defined in the Claim Rules of the Relying Party Trust. It's a base 64 encoded JSON Web Token (JWT) as the text between the two DOT symbols in the token. Sample user JWT:

{
  "aud": "https://localhost:8885/",
  "iss": "http://WIN-OTB3KE5FH1J.foo.com/adfs/services/trust",
  "iat": 1435071019,
  "exp": 1435074619,
  "email": "guo.du@foo.com",
  "commonname": "guo.du",
  "displayName": "Guo Du",
  "distinguishedName": "CN=Guo Du,CN=Users,DC=foo,DC=com",
  "auth_time": "2015-06-23T14:13:24.922Z",
  "authmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
  "ver": "1.0",
  "appid": "FooClient"
}
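
Reading the claims out of the token as the answer describes, as an added example that is not part of the original answer: the token is constructed here from the answer's sample claims with a placeholder signature, and all function names are hypothetical. The code decodes without verifying the signature, so a relying party still has to validate the token against the ADFS token-signing certificate before trusting any claim; the `aud`, `iss` and `exp` checks shown are the claim-level part of that validation.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def read_claims(token: str) -> dict:
    """Return the payload claims (text between the two dots); signature NOT checked."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def check_claims(claims: dict, audience: str, issuer: str, now: int) -> list:
    """Return a list of problems; empty means aud, iss and lifetime are acceptable."""
    problems = []
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        problems.append("expired or missing exp")
    return problems

# Constructed token: the answer's sample claims (trimmed), placeholder signature.
SAMPLE_CLAIMS = {
    "aud": "https://localhost:8885/",
    "iss": "http://WIN-OTB3KE5FH1J.foo.com/adfs/services/trust",
    "iat": 1435071019,
    "exp": 1435074619,
    "email": "guo.du@foo.com",
    "appid": "FooClient",
}
HEADER = {"typ": "JWT", "alg": "RS256"}  # constructed header, not from the page
SAMPLE_TOKEN = ".".join(b64url_encode(p) for p in (
    json.dumps(HEADER).encode(), json.dumps(SAMPLE_CLAIMS).encode(), b"placeholder-signature"))

if __name__ == "__main__":
    c = read_claims(SAMPLE_TOKEN)
    print(c["email"], check_claims(c, c["aud"], c["iss"], 1435071100))
```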
