WS-Trust authentication against Azure AD (SAML)

Question

Hello

We have a working solution to use SSO with AD FS and SAML. Now for a customer we need to do the same using his Azure AD environment. We followed this article to get the passive authentication flow working alright with Azure AD linked to AD FS using a custom SAML connection (see https://medium.com/the-new-control-plane/connecting-adfs-and-azure-active-directory-via-the-custom-saml-connection-e0fc522b71ca) - so this works as expected using browser redirects.

But I am unable to find a valid endpoint in Azure AD to request a SAML token using the active authentication flow from a native C++ application with no browser window support. In a local ADFS we use this endpoint (adfs/services/trust/13/usernamemixed). I do not see a similar endpoint in the Azure AD SAML configuration. How can I make the active SSO authentication work with Azure AD in this scenario?

Thanks!

Recommended answer

Get more details on claims in Azure AD security tokens:

https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios#claims-in-azure-ad-security-tokens and https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp

See the configuration of applications that are not in the Azure Active Directory application gallery for SSO.

https://docs.microsoft.com/zh-CN/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications

