带有Azure AD B2C和单一登录的MSAL [英] MSAL with Azure AD B2C and Single Sign On
问题描述
我正在一个带有几个Angular 4 SPA的系统上工作,每个SPA都与单独的Asp.NET Core 2.0 WebAPI进行通信.
I'm working on a system with a few Angular 4 SPAs each talking to a separate Asp.NET Core 2.0 WebAPI.
Azure AD B2C被用作每个SPA/API的身份服务,而MSAL.js被用作Angular SPA的一部分.
Azure AD B2C is being used as the identity service for each SPA/API, and MSAL.js as part of our Angular SPAs.
我们希望支持单一登录,以防止用户从一个SPA切换到另一个SPA时需要重新输入凭据.
We want to support Single Sign-on to prevent the user needing to re-enter credentials when switching from one SPA to another.
是否可以使用msal.js v0.1.7获得单点登录行为?
Is it possible to get single sign-on behavior using msal.js v0.1.7?
推荐答案
可以使用带有MSAL.js的SSO.对于基于浏览器的应用程序,您可以通过Cookie/会话而不是令牌/令牌管理来实现SSO.请参考 Github库.通过MSAL.js,您可以使用AcquisitionTokenSilent()通过隐藏的iframe使用有效的cookie.
SSO with MSAL.js is possible. For browser-based apps you achieve SSO through cookies/sessions rather than tokens/token management. Please refer to the Github library. MSAL.js allows you to use acquireTokenSilent() to use a valid cookie via hidden iframe.
That said, the recommended way to do this is by using Azure KMSI with custom policies. This is because browser-based applications don't always keep users logged in and things like password changes can invalidate a user session.
这篇关于带有Azure AD B2C和单一登录的MSAL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!