Skip "login.windows.net" and redirect to federated ADFS
Any suggestions on how to skip the login selection URL (home realm)?
http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
In OAuth2 and OpenId Connect you do so by passing the target domain in the “domain_hint” parameter.
In ADAL you can pass it via the following:
    // The last argument carries extra query parameters for the authorization request.
    AuthenticationResult ar =
        ac.AcquireToken("https://developertenant.onmicrosoft.com/WebUXplusAPI",
            "71aefb3b-9218-4dea-91f2-8b23ce93f387",
            new Uri("http://any"), PromptBehavior.Always,
            UserIdentifier.AnyUser, "domain_hint=mydomain.com");
In the OWIN middleware for OpenId Connect you can do the same in the RedirectToIdentityProvider notification:
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs just before the browser is redirected to the identity provider.
                RedirectToIdentityProvider = (context) =>
                {
                    context.ProtocolMessage.DomainHint = "mydomain.com";
                    return Task.FromResult(0);
                },
            }
        });
Finally, in WS-Fed you do the following:
    app.UseWsFederationAuthentication(
        new WsFederationAuthenticationOptions
        {
            Notifications = new WsFederationAuthenticationNotifications
            {
                // WS-Federation carries the home realm in the whr parameter.
                RedirectToIdentityProvider = (context) =>
                {
                    context.ProtocolMessage.Whr = "mydomain.com";
                    return Task.FromResult(0);
                }
            }
        });
So if you are using ADAL js, just add this to your ADAL init:
    extraQueryParameter: 'domain_hint=yourCompany.com'
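The redirect that the snippets in the answer above end up producing, written out as an added example (not code from the quoted blog post, ADAL or the OWIN middleware). `buildSignInUrl` and its option names are hypothetical, the endpoint paths assume the Azure AD v1 layout (`<authority>/oauth2/authorize` and `<authority>/wsfed`), and the caller is assumed to supply a fresh random `state` and `nonce`.

```javascript
// Added example: builds the sign-in redirect URL with a home-realm hint.
// buildSignInUrl and its option names are hypothetical; endpoint paths assume
// the Azure AD v1 layout (<authority>/oauth2/authorize, <authority>/wsfed).

// A hint is a DNS domain name; reject anything else before it reaches the URL,
// so a hint derived from user input cannot smuggle extra query parameters.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

function buildSignInUrl(opts) {
  const { protocol, authority, clientId, realm, redirectUri,
          domainHint, state, nonce } = opts;
  if (domainHint !== undefined && !DOMAIN_RE.test(domainHint)) {
    throw new Error("domain hint is not a valid domain name");
  }
  const base = authority.replace(/\/+$/, ""); // tolerate a trailing slash
  let url;
  if (protocol === "oidc") {
    // OAuth2 / OpenID Connect: the hint travels as domain_hint.
    url = new URL(base + "/oauth2/authorize");
    url.searchParams.set("client_id", clientId);
    url.searchParams.set("response_type", "id_token");
    url.searchParams.set("response_mode", "form_post");
    url.searchParams.set("scope", "openid");
    url.searchParams.set("redirect_uri", redirectUri);
    url.searchParams.set("state", state); // caller-generated, random
    url.searchParams.set("nonce", nonce); // caller-generated, random
    if (domainHint) url.searchParams.set("domain_hint", domainHint);
  } else if (protocol === "wsfed") {
    // WS-Federation: the same hint travels as whr.
    url = new URL(base + "/wsfed");
    url.searchParams.set("wa", "wsignin1.0");
    url.searchParams.set("wtrealm", realm); // relying-party identifier
    if (domainHint) url.searchParams.set("whr", domainHint);
  } else {
    throw new Error("unknown protocol: " + protocol);
  }
  return url.toString();
}
```

The hint only selects which sign-in page the user is sent to; the application still validates the issuer and tenant of the token that comes back.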
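This didn't work well for me. I found that if I wanted to skip the Home Realm Discovery page, I had to use Resource Explorer and do it directly in authSettings.
This article almost had what I needed (see the Default Login Parameters section). However, this article's explanation was enough for me to find what I needed in Resource Explorer (see step 13, which shows the correct path).
The main thing is finding the authSettings section and the right key. You don't have to add the key in Resource Explorer; you only need to add a domain_hint value. If you don't see the key, you're in the wrong location. The correct location is: Subscriptions -> [your subscription name] -> ResourceGroups -> [name of your resource group] -> Providers -> Microsoft.Web -> Sites -> [your site name] -> authsettings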