如何在SAML SSO配置中自定义“用户未分配给角色”消息 [英] How to customize 'user is not assigned to a role' message in SAML SSO configuration

问题描述

您好！我们正在利用Azure AD企业应用程序将SAML SSO配置为非库应用程序，以管理对我们的Web应用程序的身份验证和授权。我们使用AD组授权用户访问该应用程序。
当不在该组中的用户尝试登录时，他们正确地收到消息"登录用户'email@foo.bar'未分配给应用程序'GUID'的角色。 "以及带有ID，时间戳等的第二条消息。这是
不是用户友好的消息，我们想要自定义它，或者如果可能的话，将用户发送到具有"登录失败"的应用程序。表示用户未获得授权的响应，因此应用程序可以显示相应的消息。 这是可能的
，如果是这样，我可以指向在Azure中配置它的文档或步骤吗？谢谢！

Hello! We are utilizing Azure AD Enterprise Applications to configure SAML SSO as a non-gallery application to manage authentication and authorization to our web application. We are using an AD group to authorize users to have access to the application. When a user that is not in the group attempts to log in, they correctly receive the message "The signed in user 'email@foo.bar' is not assigned to a role for the application 'GUID'..." along with a second message with IDs, timestamps, etc. This is not a user friendly message and we would like to customize it or if possible send the user to the application with a "Sign-in Failure" response indicating the user is not authorized so the application can display an appropriate message.  Is this possible and if so can I be pointed to the document or steps to configure this in Azure? Thank you!

推荐答案

这将要求您正确处理第三方非图库应用程序中的响应。即，一旦收到错误，您将显示UX友好消息。无法更改AADSTS端点的响应。

This would require you to properly handle the response in the 3rd party non-gallery application. i.e. once you receive the error, you would display a UX friendly message. There is no way to change what the response is from the AADSTS endpoint.

这篇关于如何在SAML SSO配置中自定义“用户未分配给角色”消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！