Azure AD问题声明安全组名称 [英] Azure AD issues claims security groups names
问题描述
我需要我的Azure AD发出具有安全组名称的声明. 但是JWT令牌中只有组对象 id .
I need my Azure AD to issue a claim with security group names. But there are only group object ids come out in the JWT token.
如何获取安全组名称?
到目前为止,我做了什么: 1.创建一个测试安全组,并为其分配用户.这是该用户的唯一组.
What I did so far: 1. Created a test security group and assigned a user to it. This is the only group for this user.
-
将groupMembershipClaims设置为All(整数7),如本正式文档中所述这是应用程序清单的相关部分:
{ ... "appRoles": [], "availableToOtherTenants": false, "displayName": "Azure AD B2C sandbox App ", "errorUrl": null, "groupMembershipClaims": "All", "optionalClaims": null, "acceptMappedClaims": null,...here is the relevant part of the application manifest:
{ ... "appRoles": [], "availableToOtherTenants": false, "displayName": "Azure AD B2C sandbox App ", "errorUrl": null, "groupMembershipClaims": "All", "optionalClaims": null, "acceptMappedClaims": null,...推荐答案
您无法使用令牌获取它们.如您所见,您仅获得ID. 通常这很好,因为id不能更改,而id可以更改.
You cannot get them in tokens. As you noticed, you only get the ids. Usually this is good, since the id cannot be changed, unlike the name which can change.
如果要基于组进行授权,可以在配置文件中设置ID,然后检查ID.
If you want to do authorization based on groups, you can set the ids in a configuration file and then check with the id.
如果您想为其他目的使用名称,则需要从Microsoft Graph API查询组. 您可以在这里找到API文档: https://developer.microsoft.com/zh-CN/graph/docs/api-reference/v1.0/resources/groups-overview
If you want the names for some other purpose, you'll need query the groups from Microsoft Graph API. You can find the API documentation here: https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/groups-overview
这篇关于Azure AD问题声明安全组名称的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
