OAuth 2.0 Identity Providers in Windows Azure AppFabric Access Control Service (ACS)

Problem description

OAuth 2.0 delegation is included within the Azure AppFabric Access Control Service:

http://blogs.objectsharp.com/cs/blogs/steve/archive/2011/04/11/windows-azure-access-control-services-v2-rtw.aspx

But how do you actually set up an OAuth 2.0 identity provider?

In the management interface when you add an Identity Provider and select WS-Federation identity provider, you need to provide a WS-Federation metadata document.

However, when you read the documentation of OAuth 2.0 providers (i.e. http://msdn.microsoft.com/en-us/library/hh243647.aspx) there is no mention of a metadata document (Yes, I know Windows Live is included as a preconfigured identity provider). Is this something I have to write?

Update

Ok, so I've found that you can add additional identity providers using the API, see these PowerShell commands as an example:

http://blogs.msdn.com/b/vbertocci/archive/2011/05/19/adding-a-custom-openid-provider-to-acs-with-just-one-line-of-powershell-code.aspx

However when trying to add an OAuth provider, I just get an error:

Add-IdentityProvider -Type "Manual" -Name "foo" -SignInAddress "http://term.ie/oauth/example/access_token.php" -Protocol OAuth -Namespace "abc" -ManagementKey "xxxxxx"

Add-IdentityProvider : An error occurred while processing this request.
At line:1 char:21
+ Add-IdentityProvider <<<<  -Type "Manual" -Name "foo" -SignInAddress "http://term.ie/oauth/example/access_token.php" -Protocol OAuth -Namespace "abc" -ManagementKey "xxxxxx"
+ CategoryInfo          : CloseError: (:) [Add-IdentityProvider], ServiceManagementException
+ FullyQualifiedErrorId : Microsoft.Samples.DPE.ACS.ServiceManagementTools.PowerShell.IdentityProviders.AddIdentityProviderCommand


Another update

The ACS Management API provides a mechanism for adding new Identity Providers (if you set OpenId as your WebSSOProtocolType), however, I can't see how you pass in the key/secret that the OAuth test server ( http://term.ie/oauth/example/ ) I'm using requires.

http://msdn.microsoft.com/en-us/library/hh278947.aspx

Recommended answer

In an email conversation I had with Dominick Baier (www.leastprivilege.com) he said:

ACS actually supports OpenId IdPs – not OAuth. OAuth is used for token requests (delegation tokens typically).

To add new OpenIds IdP you need to use the management API – Vittorio has a blog post with a sample somewhere. But not all OpenId providers are supported.

If I understood Dominick's email properly, you cannot use OAuth in this capacity, you have to use OpenId. Unfortunately the guy who wrote the first blog article you mentioned really doesn't know anything about OpenID/OpenAuth -- he's a WS-Fed guy. I say that because I wrote it... :)
