ADFS 作为 OAuth2 提供者/身份验证服务器可能吗? [英] ADFS as OAuth2 provider / Authentication server possible?

问题描述

我们想要设置 ADFS 3.0 以启用基于 OAuth2 的身份验证.我已经阅读了大量文档，但仍不清楚是否支持此功能.

We want to setup ADFS 3.0 to enable OAuth2 based authentication. I have read lots of documentation, but am still unclear if this is supported.

ADFS 是否可以用作 oauth 的授权服务器，或者 ADFS 中的 oauth2 支持仅意味着作为另一个授权服务器的客户端?

Can ADFS be used as an authorization server for oauth, or is oauth2 support in ADFS only meant to work as a client to another authorization server?

感谢您提供将 adfs 设置为 oauth 提供者/服务器的任何帮助.

Any help for setting up adfs as oauth provider/server is appreciated.

推荐答案

在 ADFS 2012R2(又名 ADFS 3.0)中，我们仅支持授权授予流程.唯一的方案是让公共客户端(例如 iOS/Android/Windows 上的移动应用程序)访问 RESTful 服务并通过 JWT 令牌进行授权.您可以在 https://msdn.microsoft.com/en-us/上看到这一点图书馆/dn633593.aspx

in ADFS 2012R2 (aka ADFS 3.0), we only support the authorization grant flow. The only scenario is for public clients (say a mobile app on iOS/Android/Windows) to access a RESTful service and authorizing via JWT tokens. You can see this at https://msdn.microsoft.com/en-us/library/dn633593.aspx

借助 ADFS 2016(即将发布)，您将获得完整的 Oauth/OIDC 支持.有了它，您可以构建 Web 应用程序、单页应用程序、API、需要代表支持的多层应用程序系统、机密客户端(支持充当机密客户端的 Windows 服务帐户).您可以查看 https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/ad-fs-development

With ADFS 2016 (which will release imminently), you have the full Oauth/OIDC support. With this you can build web apps, single page apps, API's, multi-tiered app systems that require On-behalf-of support, confidential clients (with support for windows service accounts acting as confidential clients). You can check this out https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/ad-fs-development

这篇关于ADFS 作为 OAuth2 提供者/身份验证服务器可能吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！