Set ClaimTypesRequested in Organizational Accounts On-Premises Federation

Problem description

I'm trying to create a relying party web application which will use a local ADFS as its issuer. Doing this in Visual Studio 2012 was fairly easy using the tooling that was provided. Now I'm trying to do the same thing in Visual Studio 2013, and the experience is a little different. Basically I've followed the steps outlined in this blog post.

What I noticed is that there is no FederationMetadata.xml file in the project, and when I browsed through the files generated by the template, I found IdentityConfig which I assume provides the configuration which will then be used to generate the FederationMetadata.xml file at runtime...?

One last thing which is very important for me is that I need to have a <fed:ClaimTypesRequested> section so that my relying party application can set its required claims. How do I do that if I do not have a FederationMetadata.xml file in the project?

Thanks.

Recommended answer

Yup - noticed that as well - I presume it's because the standard metadata path doesn't fit with MVC routing?

The fed:ClaimTypesRequested section is just for documentation. The claims your application receives are determined by the ADFS claims rules configuration.

Update:

No - authentication is login / password. The other attributes in AD are just for authorization. The only reason that ADFS does not send a configured claim is that it is null i.e. the attribute is not populated.

Yes - you can augment the claim set. You can add static claims via ADFS claims rules e.g. claims that are not in AD. You can also add claims on the RP side as you mention.
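Because `fed:ClaimTypesRequested` is documentation only and ADFS omits a claim whose source attribute is empty, the relying party has to check for the claims it depends on itself. The following is an added example, not code from the original post or the Visual Studio template: a WIF `ClaimsAuthenticationManager` that fails closed when a required claim is missing and then adds a claim on the RP side. The class name, the list of required claim types and the `urn:example:` claim type are assumptions chosen for illustration, as is the use of the WIF pipeline (`system.identityModel`) in the generated project.

```csharp
using System.Linq;
using System.Security;
using System.Security.Claims;

// Hypothetical class name. Register it in web.config under
// <system.identityModel><identityConfiguration>:
//   <claimsAuthenticationManager type="MyApp.RequiredClaimsAuthenticationManager, MyApp" />
public class RequiredClaimsAuthenticationManager : ClaimsAuthenticationManager
{
    // Assumed requirements for this application. ADFS only sends these if its
    // claim rules issue them AND the underlying AD attribute is populated.
    private static readonly string[] RequiredClaimTypes =
    {
        ClaimTypes.Name,
        ClaimTypes.Email
    };

    public override ClaimsPrincipal Authenticate(string resourceName,
                                                 ClaimsPrincipal incomingPrincipal)
    {
        var identity = incomingPrincipal == null
            ? null
            : incomingPrincipal.Identity as ClaimsIdentity;

        // Leave anonymous requests to the rest of the pipeline.
        if (identity == null || !identity.IsAuthenticated)
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        // Fail closed: a claim that is absent or empty is treated as missing.
        var missing = RequiredClaimTypes
            .Where(type => !identity.HasClaim(
                c => c.Type == type && !string.IsNullOrWhiteSpace(c.Value)))
            .ToArray();

        if (missing.Length > 0)
        {
            throw new SecurityException(
                "Token is missing required claims: " + string.Join(", ", missing));
        }

        // RP-side augmentation: a claim that does not come from AD or ADFS.
        // Constructed claim type and value, for illustration only.
        identity.AddClaim(new Claim("urn:example:rp/claims/source", "relying-party"));

        return incomingPrincipal;
    }
}
```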
