我的申请中的自定义索赔 [英] Custom Claims in my application

问题描述

您好

我一直在尝试了解如何使用cutom声明来组织在应用程序上下文中使用WIF的应用程序。

所以，我理解正确，如果我需要使用自定义声明，他们是在STS方面定义的吗？这似乎很奇怪，因为我会看到声明发生变化（可能经常），我认为这应该是应用程序的关注点（即RP）？ （我也需要能够添加和删除声明）

要记住的另一件事是我很可能会拥有许多身份提供者（即不同的租户可能会使用不同的身份） Id提供商）所以如果我的STS有索赔问题并且STS是IdP那么这意味着我将不得不在每个STS上复制索赔管理方面，这是我宁愿避免的东西

然后我在想，也许这个问题有两个方面：

（1）用户身份验证（可能使用外部STS完成，其中唯一需要检查的是身份，可能完全是外部的）

（2）用户授权，应该离应用程序更近，甚至很可能与应用程序在同一个域中

欢迎提出任何指示

干杯

解决方案

I已经经历了类似的过程。我已经在我的博客上记录了我的思路： http://travisspencer.com/博客/ 2009/10 /联合身份候补a.html 。

HTH！

Hi there

I ve been trying to understand how to organise an application that uses WIF within the context of an application if using cutom claims.

So, I f i understand correctly, If I need to use custom claims they are defined on the STS side of things? That seems rather odd, as I would see claims changing ( perhaps often) and I think that should be a concern of the application ( ie the RP) ? ( I need to be able to add and remove claims too )

Another thing to keep in mind is that is quite likely that I will have many identity Providers ( ie different tenants could potentially use different Id Providers) so If my STS has claims concerns and the STS is the IdP then that means I will have to duplicate the claim management aspect on each STS , which i ssomething I d prefer to avoid

Then I was thinking, perhaps the problem is two fold:

(1) The user Authentication ( that can probably be done using an external STS whose only concern is to check the Identity and could be completely external)

(2) The user authorization , that should live closer to the application and it s quite likely even in the same domain as the Application

Any pointers on this very welcome

Cheers

解决方案

I've gone through a similar though process.  I've documented my line of thinking on my blog at http://travisspencer.com/blog/2009/10/federated-identity-candidate-a.html.

HTH!

这篇关于我的申请中的自定义索赔的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！