Azure SAML SSO 唯一用户标识符在响应中不正确 [英] Azure SAML SSO Unique User Identifier incorrect in response
问题描述
因此,我创建了一个企业应用程序并将其配置为基于 SAML 的 SSO.据我了解,我已经对其进行了配置,以便将唯一用户标识符(名称 ID)设置为用户的电子邮件 在 Azure 中.
So I created an enterprise application and have it configured for SAML based SSO. As I understand it, I've configured it so that the Unique User Identifier (Name ID) should be set the the email of the user within Azure.
当我尝试通过门户登录测试或使用我的新应用程序时,我可以看到响应中的 NameID 值实际上设置为随机字符串 (zReN4-W7ufefDDEh4pJ19K7pcMV84O5RKHSeOQ6wArU),我认为它是唯一标识我的用户.我已经尝试更改名称 ID 的源属性以及名称标识符格式,但它总是在响应中作为完全相同的字符串返回.
When I attempted to login to test or use my new application through the portal, I can see that the NameID value in the response is actually set to a random string of characters (zReN4-W7ufefDDEh4pJ19K7pcMV84O5RKHSeOQ6wArU) which I assume unique identifies my user. I've tries altering the source attribute of the Name ID as well as the name identifer format but it always comes back as the exact same string in the response.
我尝试登录的应用程序要求将名称 ID 设置为用户的电子邮件地址,我不明白为什么在响应中没有以这种方式显示.任何想法为什么会发生这种情况?
The application I'm trying to log into requires that the name ID be set to the user's email address and I don't understand why it's not being shown that way in the response. Any ideas why this is happening?
推荐答案
NameID 值是一个目标标识符,它仅定向到作为令牌受众的服务提供者.它是持久的 - 它可以被撤销,但永远不会被重新分配.它也是不透明的,因为它不会透露任何关于用户的信息,也不能用作属性查询的标识符.
The NameID value is a targeted identifier that is directed only to the service provider that is the audience for the token. It is persistent - it can be revoked, but is never reassigned. It is also opaque, in that it does not reveal anything about the user and cannot be used as an identifier for attribute queries.
一般来说,如果用户在mail属性中没有value,那么Azure AD会发送Name ID的持久格式并在其中设置随机值.
Generally, if the user does not have value in mail attribute, then Azure AD would send persistent format for Name ID and set random value in it.
关于 SAML 协议的更多信息可以通过这个文章 和类似的问题
For more information on the SAML Protocol can go through this article and similar question
这篇关于Azure SAML SSO 唯一用户标识符在响应中不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
