用于访问令牌的 ADAL java 库不返回组和角色
ADAL java library for access token not returning groups and roles
我正在尝试使用 ADAL4J 库获取 Active Directory 的组和角色,我所指的示例项目是
GitHub AzureAD 示例项目 azure-activedirectory-library-for-java.
我得到的响应是一个具有以下内容的令牌:
{
"aud": "https://graph.windows.net",
"iss": "[redacted for Whosebug post]",
"iat": 1474924521,
"nbf": 1474924521,
"exp": 1474928421,
"appid": "MyApplicationObjectId from AD",
"appidacr": "1",
"e_exp": 10800,
"idp": "[redacted for stack overflow post]",
"oid": "68467740-2af5-43ab-8bfb-362b494956c5",
"roles": [
"Device.ReadWrite.All",
"Directory.Read.All",
"Directory.ReadWrite.All",
"Domain.ReadWrite.All"
],
"sub": "68467740-2af5-43ab-8bfb-362b494956c5",
"tid": "e536c1ed-4822-4b88-8c01-9f14c1c583e3",
"ver": "1.0"
}
但是,我希望在访问令牌中也有以下声明:
"groups": [
"8c335044-b534-4cfa-a816-c62588ca169e",
"68ff7ec2-db1b-45cc-afb4-785723f9a2db",
"a79ed389-c46f-4782-9752-90f4871e4b15",
"657b2f05-15f2-4849-a831-c42ecdf7db13"
],
"roles": [
"add-or-view-org-admin"
],
由于我的用户尝试访问的应用程序是 Web 应用程序,因此我在请求中发送客户端密码如下:
private static AuthenticationResult getAccessTokenFromUserCredentials(
String username, String password) throws Exception
{
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(AUTHORITY, true, service);
ClientCredential clientCred = new ClientCredential(
CLIENT_ID, "Client Key for my Application from Active Directory");
Future<AuthenticationResult> future = context.acquireToken(
"https://graph.windows.net", clientCred, null);
result = future.get();
} finally {
service.shutdown();
}
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
}
return result;
}
有没有人能够使用这样的 Java 客户端来做到这一点?
我需要使用 Java 来使用它,因为我需要对其进行 运行 集成测试。
感谢任何帮助。
配置集成测试以获取用于访问在 Azure Active Directory 中配置的 Web 应用程序的访问令牌
从https://github.com/Azure-Samples/active-directory-java-native-headless
按照 README.md 中的步骤,允许本机应用程序为 AAD 中配置的 Web 应用程序请求令牌。
- 单击“添加应用程序”,Select“显示所有应用程序”,单击“确定”按钮(显示勾号)和select 您已注册的应用程序。
- 授予此应用程序权限。("Access Inventory Insights")
保存更改
- 在PublicClient.java
中使用以下内容
private final static String AUTHORITY = "https://login.microsoftonline.com/common";
私有最终静态字符串CLIENT_ID = "675a9f3e-c78a-48cc-9151-59d14ac2205b";
未来未来=context.acquireToken
("Client Id of the Application User is trying to access." , CLIENT_ID, 用户名, 密码, 空);
我正在尝试使用 ADAL4J 库获取 Active Directory 的组和角色,我所指的示例项目是 GitHub AzureAD 示例项目 azure-activedirectory-library-for-java.
我得到的响应是一个具有以下内容的令牌:
{
"aud": "https://graph.windows.net",
"iss": "[redacted for Whosebug post]",
"iat": 1474924521,
"nbf": 1474924521,
"exp": 1474928421,
"appid": "MyApplicationObjectId from AD",
"appidacr": "1",
"e_exp": 10800,
"idp": "[redacted for stack overflow post]",
"oid": "68467740-2af5-43ab-8bfb-362b494956c5",
"roles": [
"Device.ReadWrite.All",
"Directory.Read.All",
"Directory.ReadWrite.All",
"Domain.ReadWrite.All"
],
"sub": "68467740-2af5-43ab-8bfb-362b494956c5",
"tid": "e536c1ed-4822-4b88-8c01-9f14c1c583e3",
"ver": "1.0"
}
但是,我希望在访问令牌中也有以下声明:
"groups": [
"8c335044-b534-4cfa-a816-c62588ca169e",
"68ff7ec2-db1b-45cc-afb4-785723f9a2db",
"a79ed389-c46f-4782-9752-90f4871e4b15",
"657b2f05-15f2-4849-a831-c42ecdf7db13"
],
"roles": [
"add-or-view-org-admin"
],
由于我的用户尝试访问的应用程序是 Web 应用程序,因此我在请求中发送客户端密码如下:
private static AuthenticationResult getAccessTokenFromUserCredentials(
String username, String password) throws Exception
{
AuthenticationContext context = null;
AuthenticationResult result = null;
ExecutorService service = null;
try {
service = Executors.newFixedThreadPool(1);
context = new AuthenticationContext(AUTHORITY, true, service);
ClientCredential clientCred = new ClientCredential(
CLIENT_ID, "Client Key for my Application from Active Directory");
Future<AuthenticationResult> future = context.acquireToken(
"https://graph.windows.net", clientCred, null);
result = future.get();
} finally {
service.shutdown();
}
if (result == null) {
throw new ServiceUnavailableException(
"authentication result was null");
}
return result;
}
有没有人能够使用这样的 Java 客户端来做到这一点?
我需要使用 Java 来使用它,因为我需要对其进行 运行 集成测试。
感谢任何帮助。
配置集成测试以获取用于访问在 Azure Active Directory 中配置的 Web 应用程序的访问令牌
从https://github.com/Azure-Samples/active-directory-java-native-headless
得到PublicClient.java
按照 README.md 中的步骤,允许本机应用程序为 AAD 中配置的 Web 应用程序请求令牌。
- 单击“添加应用程序”,Select“显示所有应用程序”,单击“确定”按钮(显示勾号)和select 您已注册的应用程序。
- 授予此应用程序权限。("Access Inventory Insights") 保存更改
- 在PublicClient.java 中使用以下内容
private final static String AUTHORITY = "https://login.microsoftonline.com/common";
私有最终静态字符串CLIENT_ID = "675a9f3e-c78a-48cc-9151-59d14ac2205b";
未来