从Claims中的Azure AD获取作业信息(作业标题，部门和经理ID) [英] Get Job info (Job title, Department and Manager ID) from Azure AD in Claims

问题描述

我一直在阅读Azure Active Directory application manifest，但没有看到有关职位信息的任何信息.

I have been reading the Azure Active Directory application manifest but I have not seen anything regarding job info.

https://docs .microsoft.com/en-us/azure/active-directory/develop/active-directory-application-manifest

我能够像下面的答案一样将组添加到声明中，但是我无法获得职位信息.这可能吗?

I was able to add groups to claims like the answer below but I have not been able to get job info. Is this possible?

https://stackoverflow.com/a/50836460/3850405

如果我登录 https://portal.azure.com 并在我可以看到信息.

If I log into https://portal.azure.com and look at my user in Azure Active Directory I can see the information.

我也可以从Azure Active Directory Graph API

https://developer.microsoft.com/en-us/graph/graph-explorer#

https://graph.microsoft.com/v1.0/me/

https://graph.microsoft.com/v1.0/me/manager

推荐答案

那么，为什么可以通过图谱API获取有关将此信息纳入声明的问题.您只需执行一次-当用户登录并且您的中间件已验证令牌时.然后，您可以调用图形API并提取其他信息以将其打包为声明.甚至，仅在您确实需要该信息时.我对此进行详细说明，因为我们对令牌投入的索赔越多，令牌就越大.令牌越大，保存该信息的cookie越大.归根结底，总体信息info肿.

So why the question about getting this info into the claims when you can get it via graph API. You have to do this only once - when the user signs-in and your middleware have verified the token. Then you can call the graph API and extract additional info to pack it as claims. Or even, only when you really need that info. I am elaborating over this, because the more claims we put into a token, the bigger the token. The bigger the token, the bigger the cookies that keep that info. At the end of the day - bloated info overall.

以上已说完，您的职称和部门问题有解决方案.但是，对于经理的问题，没有任何解决方案.

Having said all of the above, there is a solution to your job title and department question. There is however no solution for the manager question.

您可以使用

You can include the job title and department info using custom claims mapping policies in Azure AD. Both properties - job title and department are there and available to use.

即使使用声明映射策略，您也只能得到部分解决方案，因为它不支持经理链接.您可能真的想查看仅在登录时调用图形API的选项，然后提取所需的任何其他信息.

Even when using the claims mapping policy, you will only have a partial solution, as it does not support the manager link. You may really want to review the option of just calling the graph API upon sign-in and extract any additional info you need.

这篇关于从Claims中的Azure AD获取作业信息(作业标题，部门和经理ID)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！