本文介绍了Azure AD-以SAML响应中编码的base64发送密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

大家好-

我将Azure AD用作多个SP的IdP,并且此方法已按预期工作.最近,需要将SAML响应中编码为base64的密码从Azure AD发送到SP(在本例中为Citrix NetScaler).这是 例如,其他IdP(例如SecureAuth或Okta)可能实现.我们希望发送编码后的密码的原因是能够在NetScaler上对其进行解码,并利用解码后的密码对不一定支持SAML的应用执行SSO.这个 这将使我们能够通过NetScaler代理通信并通过IdP执行身份验证,而不会第二次提示用户可能无法看到"的应用程序. SAML令牌及其内容.

示例:https://docs.secureauth.com/display/80/Citrix+NetScaler+AGEE+10.5.X+%28Base64+Encoded+Password+in+SAML+Response%29+Integration+Guide

Azure AD可以做到这一点吗?我想不出一种在预定义的声明/属性内发送编码密码的方法.如果目前无法实现,将来是否有可能?

谢谢!

解决方案


Hi All -

I am leveraging Azure AD as the IdP for several SPs and this has been working as expected. There has recently been a requirement to send the password as base64 encoded within the SAML Response from Azure AD to a SP, in this case Citrix NetScaler. This is possible with other IdP's such as SecureAuth or Okta, for example. The reason we want the encoded password sent is to be able to decode it on the NetScaler and leverage the decoded password to perform SSO for apps that are not necessarily SAML aware. This would allow us to proxy the communication through NetScaler and perform authentication via the IdP while not prompting users a 2nd time for apps that may not be able to "see" the SAML token and its contents. 

An example: https://docs.secureauth.com/display/80/Citrix+NetScaler+AGEE+10.5.X+%28Base64+Encoded+Password+in+SAML+Response%29+Integration+Guide

Is this possible with Azure AD? I couldn't figure out a way to send the encoded password within the predefined claims/attributes. If this isn't possible currently, will this be possible in the future?

Thanks!

解决方案


这篇关于Azure AD-以SAML响应中编码的base64发送密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-27 17:25