Azure应用程序代理 [英] Azure Application Proxy
问题描述
我们计划通过azure应用程序代理发布和认证本地J2EE应用程序(JDK1.7 + JBoss 6.1.0).用户将使用本地AD(Windows 2012)进行身份验证
We are planning to publish and authenticating on-premises J2EE application(JDK1.7 + JBoss 6.1.0) via azure app proxy. The user will be authenticated with on-premises AD (Windows 2012)
我们找到了此链接"的 HTTPS: //azure.microsoft.com/zh-CN/resources/samples/active-directory-java-webapp-openidconnect/ "
We have found this link "https://azure.microsoft.com/en-in/resources/samples/active-directory-java-webapp-openidconnect/"
请让我们知道这是正确的方法或任何更好的直接方法.
Please let us know this is the right approach or any better straight forward approach.
我们已经尝试过并卡住的其他选项如下.
The other options we have already tried and got stuck are as below.
我们已经在azure AD中创建了企业应用程序,并且对该应用程序进行了设置,我们为单一登录"选项选择了集成的Windows auth(IWA).我们已经在其中配置了应用程序代理,并将预身份验证设置为AAD,内部URL是我的Java 基于Web的应用程序URL.
We have created Enterprise Application in azure AD and setting of this application we have selected integrated windows auth(IWA) for Single sign-on option. we have configured app proxy in this and pre-authentication set to AAD and internal URL is my java based web application URL.
在另一侧,将AAD连接器与联合身份验证一起安装为ADFS(自定义安装).
On other side AAD connector is install with federation as ADFS(Custom install).
现在的流程是:当我们点击用户访问URL(企业应用程序的URL)时,它会挑战域验证,并且在成功验证后会重定向到我的本地AD表单.成功验证到ADFS后,它会再次重定向应用程序代理(SAML 响应)和应用代理重定向到名为"authorizationNegotiate"的某些令牌重定向到我的网络应用.
Now the flow is : when we hit User access URL(URL for enterprise application) it challenge for domain verification and after successful verification it redirect to my on-premises AD form. after successful authentication to ADFS it again redirects app proxy(SAML response) and app proxy redirect to my web app with some token named "authorizationNegotiate".
任何人都可以确认是否这是访问令牌?如果是这样,我们还没有找到任何可解码的库.
Can anyone confirm, if this is the access token? If so, we haven't found any lib to decode this.
这方面的任何帮助都会有很大帮助.
Any help in this direction would be of a great help.
先谢谢您
此致
TFS查询
推荐答案
是的,这是您正在尝试的好方法,请参见将Azure广告集成到Java控制台应用程序中的方法使用用户名和密码.
Yes, it is the good approach what you are trying, see this for integrating Azure ad into a java console application using username and password.
https://github.com/Azure-Samples/active-directory-java-native -headless
这篇关于Azure应用程序代理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
