使用Office 365对外部用户进行身份验证 [英] Authenticate external user with Office 365

问题描述

是否可以使用Microsoft的安全令牌服务（"https：//login.microsoftonline.com/extSTS.srf""）对Office 365的外部用户进行身份验证？

Is it possible to authenticate an external user against Office 365 using Microsoft's security token service ("https://login.microsoftonline.com/extSTS.srf")?

对于外部用户，我的意思是组织外部的用户已被邀请通过共享加入Office 365 SharePoint网站。此用户使用其Microsoft帐户登录Office 365 SharePoint站点;他们不使用组织或* .onmicrosoft.com
帐户。

By external user, I mean a user outside the organization that has been invited to join a Office 365 SharePoint site through sharing. This user logs into the Office 365 SharePoint site using their Microsoft account; they do not use an organizational or *.onmicrosoft.com account.

以下是发送到安全令牌服务的标准SOAP请求。当[username]是组织或* .onmicrosoft.com帐户（例如，mydomain.onmicrosoft.com）时，一切都很有效。但是，如果[username]是外部用户，已邀请
到Office 365 SharePoint站点（并且用户已接受邀请并且他们可以在其Web浏览器中访问该站点），则请求始终会失败，并且" wst：FailedAuthentication ...
输入和存储的密码不匹配 " ; 响应。显然，我确定正在使用正确的密码。

Below is the standard SOAP request that is sent to the security token service. When [username] is an organizational or *.onmicrosoft.com account (e.g., mydomain.onmicrosoft.com), then everything works great. However, when [username] is an external user that has been invited to the Office 365 SharePoint site (and the user has accepted the invitation and they can access the site in their web browser), the request always fails with a "wst:FailedAuthentication ... The entered and stored passwords do not match" response. Obviously, I'm certain the correct password is being used.

对于外部用户的[用户名]，我们尝试了各种排列，包括他们登录Microsoft帐户时输入的电子邮件（例如，"someone@outlook.com"等）以及当他们
被邀请时用户名在Office 365中显示的格式并接受邀请（例如，"someone_outlook.com#EXT#@mydomain.onmicrosoft.com"）。

For the external user's [username], we have tried various permutations, include the email they enter when they login to their Microsoft account (e.g., "someone@outlook.com") and also the format the user name is displayed in Office 365 when they are invited and accept the invitation (e.g., "someone_outlook.com#EXT#@mydomain.onmicrosoft.com").

这里有什么想法？是否可以对外部用户进行身份验证？

Any thoughts here? Is authenticating external users possible?

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
        <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
        <a:ReplyTo>
            <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
        </a:ReplyTo>
        <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <o:UsernameToken>
                <o:Username>[username]</o:Username>
                <o:Password>[password]</o:Password>
            </o:UsernameToken>
        </o:Security>
    </s:Header>
    <s:Body>
        <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
            <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
                <a:EndpointReference>
                    <a:Address>https://mydomain.sharepoint.com/</a:Address>
                </a:EndpointReference>
            </wsp:AppliesTo>
            <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
            <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
            <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
        </t:RequestSecurityToken>
    </s:Body>
</s:Envelope>

推荐答案

您好

使用GUI可以做到最简单

you can do easiest using GUI

http：// office365evangelist。 com /？p = 118

http://office365evangelist.com/?p=118

这篇关于使用Office 365对外部用户进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！