AD FS 2.0使用域登录的凭据 [英] AD FS 2.0 Use Credentials from domain login

问题描述

嘿，

Hey,

我是新来的AD FS和我有以下设置：

I'm new to AD FS and I have the following setup:

3 VM在内部网络中

3 VM's in an internal network

• 
  Windows Server 2008 R2 mit AD和AD FS
• 
  Debian Webserver
• 
  Windows 7客户端

客户端在域中。所以当他登录他的系统时，他会使用他的域帐户凭据。

The Client is in the domain. So when he is logging into his system he uses his domain-account credentials.

他可以使用相同的凭据从网络服务器登录网站。（我将网站添加为依赖方信任）

He is able to login into websites from the webserver with the same credentials. (I added the website as an Relying Party Trust)

在另一个站点上有一个运行php（Simplesamlphp）的apache，一切正常，但是如何在不再输入凭据的情况下实现真正的SSO？

On the other site there is an apache running with php (Simplesamlphp) an everything works fine, but how can I realize a real SSO without typing the credentials again?

非常感谢您提前，

Thank you very much in advance,

下注，

Stephan

Stephan

推荐答案

simpleSAMLphp用户对哪个凭据存储进行身份验证？

What credential store do the simpleSAMLphp users authenticate against?

通常你可以通过将ADFS作为IP并将SimpleSAMlphp作为SP并联合两者来实现这一点。然后登录到PHP应用程序的用户将被重定向到ADFS进行身份验证。

Normally you would do this by making ADFS the IP and simpleSAMlphp the SP and federating the two. Then users logging into a PHP application would be redirected to ADFS for authentication.

当用户登录网站（作为依赖方添加的网站）时，cookie将就位，用户将自动登录并且您将拥有SSO。

When a user then logs in to the websites (the ones added as a Relying Party) the cookies will be in place, the user will automatically be logged in and you will have SSO.

这篇关于AD FS 2.0使用域登录的凭据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！