Microsoft Active Directory 是否可以选择成为身份提供者?
Does Microsoft Active Directory have an option to be an identity provider?
我正在寻求与 SSO IdP(身份提供者)集成,并试图了解 AD 是否可以担任该角色。
即,我在 AD 上设置用户,用户在网页上进行身份验证,该网页使用 AD 检查其密码的有效性,生成一个签名令牌,我可以使用它来登录我的应用程序。
谢谢!
是的,AD 可以很容易地用作单点登录的身份提供者。
如果您打算这样做,通过 Microsoft 的 AD FS(Active Directory 联合身份验证服务) 实现 Web 单点登录 (SSO) 将是一个不错的选择。
我将引用 MSDN Article on Active Directory Federation Services 中的概述:
Overview
AD FS is a standards-based service that allows the secure sharing of
identity information between trusted business partners (known as a
federation) across an extranet. When a user needs to access a Web
application from one of its federation partners, the user's own
organization is responsible for authenticating the user and providing
identity information in the form of "claims" to the partner that hosts
the Web application. The hosting partner uses its trust policy to map
the incoming claims to claims that are understood by its Web
application, which uses the claims to make authorization decisions.
AD FS is Microsoft's implementation of the WS-Federation Passive
Requestor Profile protocol (passive indicates that the client
requirements are just a cookie- and JavaScript-enabled Web browser).
AD FS implements the standards based WS-Federation protocol and
Security Assertion Markup Language (SAML).
... // follow the link shared above for more information.
我正在寻求与 SSO IdP(身份提供者)集成,并试图了解 AD 是否可以担任该角色。 即,我在 AD 上设置用户,用户在网页上进行身份验证,该网页使用 AD 检查其密码的有效性,生成一个签名令牌,我可以使用它来登录我的应用程序。
谢谢!
是的,AD 可以很容易地用作单点登录的身份提供者。
如果您打算这样做,通过 Microsoft 的 AD FS(Active Directory 联合身份验证服务) 实现 Web 单点登录 (SSO) 将是一个不错的选择。
我将引用 MSDN Article on Active Directory Federation Services 中的概述:
Overview
AD FS is a standards-based service that allows the secure sharing of identity information between trusted business partners (known as a federation) across an extranet. When a user needs to access a Web application from one of its federation partners, the user's own organization is responsible for authenticating the user and providing identity information in the form of "claims" to the partner that hosts the Web application. The hosting partner uses its trust policy to map the incoming claims to claims that are understood by its Web application, which uses the claims to make authorization decisions.
AD FS is Microsoft's implementation of the WS-Federation Passive Requestor Profile protocol (passive indicates that the client requirements are just a cookie- and JavaScript-enabled Web browser). AD FS implements the standards based WS-Federation protocol and Security Assertion Markup Language (SAML).
... // follow the link shared above for more information.