使用Azure AD身份验证进行声明增强 [英] Claim augmentation with Azure AD authentcation

问题描述

我有一个应用程序，其中我的用户通过使用ADFS联合的多个目录进行了身份验证.有一个中央ADFS进行联合并路由到正确的IDP.大多数IDP是ADFS，通过以下方式向SAML令牌添加声明使用正常的ADFS规则.现在，我们有一些客户希望将Azure AD用作IDP，但这似乎不允许添加诸如ADFS之类的声明. 使用Azure AD将自定义声明添加到saml令牌的方式是什么?"

"I have an application where I have users authenticated with multiple directories all federated using a ADFS. There is a central ADFS that does the federated and routing to the correct IDP. Most IDP are ADFS that add claims to the SAML token by using the normal ADFS rules. We now have some customers that want to use Azure AD as IDP, but this seems not to allow to add claims like ADFS.   What would be the way to add custom claims to a saml token using Azure AD?"

推荐答案

您可以通过通过应用程序库将应用程序添加到Azure AD Directory Portal中来实现.这使您有机会向传出的SAML令牌添加声明.

You can do this by adding your application in Azure AD Directory Portal via the Application Gallery. This gives you the opportunity to add claims to the outgoing SAML Token.

如果您具有Azure AD Premium，则可以添加自己的应用程序(接受SAML 2.0)并通过属性"选项卡配置额外的声明

If you have Azure AD Premium you can add your own application (that accept SAML 2.0) and configure the extra claims via the "Attributes tab"

如果您或您的客户没有Azure AD Premium，则必须将您的应用程序添加到Azure AD应用程序库中. https://azure.microsoft.com/zh-CN/documentation/articles/active-directory-app-gallery-listing/

If you or your customers do not have Azure AD Premium you will have to have you app added to the Azure AD Application Gallery. The process for this is described in https://azure.microsoft.com/en-us/documentation/articles/active-directory-app-gallery-listing/

这篇关于使用Azure AD身份验证进行声明增强的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！