AD FS 2.0使用域登录的凭据 [英] AD FS 2.0 Use Credentials from domain login
问题描述
嘿,
Hey,
我是新来的AD FS和我有以下设置:
I'm new to AD FS and I have the following setup:
3 VM在内部网络中
3 VM's in an internal network
-
Windows Server 2008 R2 mit AD和AD FS -
Debian Webserver -
Windows 7客户端
客户端在域中。所以当他登录他的系统时,他会使用他的域帐户凭据。
The Client is in the domain. So when he is logging into his system he uses his domain-account credentials.
他可以使用相同的凭据从网络服务器登录网站。(我将网站添加为依赖方信任)
He is able to login into websites from the webserver with the same credentials. (I added the website as an Relying Party Trust)
在另一个站点上有一个运行php(Simplesamlphp)的apache,一切正常,但是如何在不再输入凭据的情况下实现真正的SSO?
On the other site there is an apache running with php (Simplesamlphp) an everything works fine, but how can I realize a real SSO without typing the credentials again?
非常感谢您提前,
Thank you very much in advance,
下注,
Stephan
Stephan
推荐答案
simpleSAMLphp用户对哪个凭据存储进行身份验证?
What credential store do the simpleSAMLphp users authenticate against?
通常你可以通过将ADFS作为IP并将SimpleSAMlphp作为SP并联合两者来实现这一点。然后登录到PHP应用程序的用户将被重定向到ADFS进行身份验证。
Normally you would do this by making ADFS the IP and simpleSAMlphp the SP and federating the two. Then users logging into a PHP application would be redirected to ADFS for authentication.
当用户登录网站(作为依赖方添加的网站)时,cookie将就位,用户将自动登录并且您将拥有SSO。
When a user then logs in to the websites (the ones added as a Relying Party) the cookies will be in place, the user will automatically be logged in and you will have SSO.
这篇关于AD FS 2.0使用域登录的凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!