如何在SAML SSO配置中自定义“用户未分配给角色”消息 [英] How to customize 'user is not assigned to a role' message in SAML SSO configuration
问题描述
您好!我们正在利用Azure AD企业应用程序将SAML SSO配置为非库应用程序,以管理对我们的Web应用程序的身份验证和授权。我们使用AD组授权用户访问该应用程序。
当不在该组中的用户尝试登录时,他们正确地收到消息"登录用户'email@foo.bar'未分配给应用程序'GUID'的角色。 "以及带有ID,时间戳等的第二条消息。这是
不是用户友好的消息,我们想要自定义它,或者如果可能的话,将用户发送到具有"登录失败"的应用程序。表示用户未获得授权的响应,因此应用程序可以显示相应的消息。 这是可能的
,如果是这样,我可以指向在Azure中配置它的文档或步骤吗?谢谢!
Hello! We are utilizing Azure AD Enterprise Applications to configure SAML SSO as a non-gallery application to manage authentication and authorization to our web application. We are using an AD group to authorize users to have access to the application. When a user that is not in the group attempts to log in, they correctly receive the message "The signed in user 'email@foo.bar' is not assigned to a role for the application 'GUID'..." along with a second message with IDs, timestamps, etc. This is not a user friendly message and we would like to customize it or if possible send the user to the application with a "Sign-in Failure" response indicating the user is not authorized so the application can display an appropriate message. Is this possible and if so can I be pointed to the document or steps to configure this in Azure? Thank you!
推荐答案
这将要求您正确处理第三方非图库应用程序中的响应。即,一旦收到错误,您将显示UX友好消息。无法更改AADSTS端点的响应。
This would require you to properly handle the response in the 3rd party non-gallery application. i.e. once you receive the error, you would display a UX friendly message. There is no way to change what the response is from the AADSTS endpoint.
这篇关于如何在SAML SSO配置中自定义“用户未分配给角色”消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!