当网站URL被添加到“可信站点”时,ADAL js在获取远程端点的令牌时在IE中不起作用。 [英] ADAL js does not work in IE when acquiring token for remote endpoint when website url is added to "Trusted Sites"
问题描述
我提交了ADAL js项目的错误( https:/ /github.com/AzureAD/azure-activedirectory-library-for-js/issues/102 )但是想与社区核实 - 也许有人能够了解其原因。标题几乎说明了一切:当网站URL添加到可信站点时,ADAL js在获取远程端点的令牌时不能在IE中工作。我创建了两个测试webapps:webapp和webapi并发布到Azure网站。这些示例基于 https://github.com/AzureAD/ Azure的ActiveDirectory的库换JS /问题/ 102 。 WebApp: https://sergtestapp2.azurewebsites.net/#/Home ,WebAPI: https://sergtestapi.azurewebsites.net 。只要你有微软帐户,任何人都可以尝试这些应用程序,因为这个应用程序是多租户的。一旦这个问题得到解答,我就会将它们删除。
I submitted a bug for ADAL js project (https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/102) but would like to check with the community - maybe someone has insight on why it is so. Title pretty much says it all: ADAL js does not work in IE when acquiring token for remote endpoint when website URL is added to "Trusted Sites". I created two test webapps: webapp and webapi and published to Azure websites. These samples are based on https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/102. WebApp: https://sergtestapp2.azurewebsites.net/#/Home, WebAPI: https://sergtestapi.azurewebsites.net. Anyone can try these apps out as long as you have microsoft account, because this app is multitenant. Once this question is answered I will wipe them out.
非常简单,导航到WebApp并单击登录。 ADAL js将处理auth部分并重定向到MS登录页面。登录 - >导航到转到列表并添加几个项目。现在,如果您打开IE或Chrome - >两个转到列表应该在列表中显示相同的项目。但是,如果您将webapp添加到IE的可信站点 - 您可以更长时间查看/添加IE中的列表。 Chrome仍然有效。
Pretty simple, navigate to WebApp and click login. ADAL js will handle the auth part and redirect to MS login page. Login -> navigate to "Go To List" and add couple items. Now, if you open IE or Chrome -> both "Go To List" should show the same items in the list. But if you add webapp to IE's "Trusted Sites" - you can longer "see/add to" the list in IE. Chrome would still work.
推荐答案
该库没有解决方案。
也许有可能用某种代理来解决它。
我有2个可能有效的解决方案,需要更多探索。
There is no solution with the library. Maybe it is possible to solve it with some sort of "proxy". I have 2 solutions which might work or not, more exploration is needed.
-
解决方案试试:
a)ADALjs重定向到应用程序URL而不是信任的azure广告登录。
b)应用程序然后通过请求代码将用户重定向到azure广告登录来请求应用程序令牌。
c)用户输入其凭证。
d)用户提交
e)申请流程提交并在cookie中返回持票人令牌。(需要检查这是否正确)
f)adaljs然后获取此令牌,因为它来自azure ad login
Solution try: a) ADALjs redirects to application url instead azure ad login which is trusted. b) Application then requests application token by redirecting user to azure ad login by request code. c) user inputs its credential. d) user submits e) application processes submit and returns bearer token in cookie.(needed to check if this is right way) f) adaljs then gets this token as it came from azure ad login
解决方案试试
a)adal js打开新窗口并收听postmessage。
c-d)与1.
e相同)申请流程提交并返回javascript以使用持票人令牌执行postmessage。
f)adal js保存此令牌。
Solution try a) adal js opens new window and listens for postmessage. c-d) same as 1. e) application processes submit and returns javascript to execute postmessage with bearer token. f) adal js saves this token.
这篇关于当网站URL被添加到“可信站点”时,ADAL js在获取远程端点的令牌时在IE中不起作用。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
