是否可以使用OpenID

是否可以使用OpenID

关注
发信
关注(28)粉丝(399)

是否可以使用OpenID Connect将FoxID连接到Azure AD?

本文介绍了是否可以使用OpenID Connect将FoxID连接到Azure AD?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

是否可以使用OpenID Connect将FoxID连接到Azure AD?将Azure AD作为FoxID上的上层OP(IdP).

问候符文(JO Informatik)

解决方案

是的,可以使用OpenID Connect在FoxID上将单个租户和多租户Azure AD应用程序连接为上游方.

另请参见

现在可以读取重定向URL 发布注销重定向URL .

创建Azure AD应用

  1. 添加名称
  2. 选择单个租户
  3. (这是一个Web应用程序)添加重定向URL
  4. 点击注册
  5. 复制应用程序(客户端)ID
  6. 复制目录(租户)ID
  7. 转到身份验证"选项卡,并添加FoxID 后注销重定向URL 作为前通道注销URL ,然后单击保存".
  8. 转到证书和证书;机密标签,然后添加客户端机密并复制机密值.

返回上一级的FoxIDs

  1. 添加权限为 https://login.microsoftonline.com/{Azure AD租户ID}/v2.0
  2. 添加个人资料和电子邮件范围
  3. 将Azure AD客户端ID添加为自定义SP客户端ID
  4. 将Azure AD客户端机密值添加为客户端机密
  5. 从ID令牌中选择使用声明
  6. 添加上级接受的声明.例如,preferred_username,email,name,gived_name,family_name,oid,ipaddr
  7. 点击创建.

就是这样,您完成了.现在,可以将新的参加者选择为下参加者的可能参加者.

配置多租户

多租户配置与单租户配置略有不同.

在Azure AD中

  1. 在创建应用期间选择多租户

在FoxIDs派对中

  1. 添加权限 https://login.microsoftonline.com/common/v2.0
  2. 选择编辑发布者
  3. 将发布者更改为 https://login.microsoftonline.com/{Azure AD租户ID}/v2.0 ,您可以添加多个发布者

从访问令牌中读取声明

如果要从访问令牌中读取声明,则需要再添加一个充当资源(API)的Azure AD应用程序.从资源应用程序公开范围,并向另一个Azure AD应用程序授予该资源应用程序范围.然后,将资源应用程序作用域添加为FoxIDs up-party中的作用域.

在此期间,访问令牌由相同的OP(IdP)发出并因此被接受.

Is it possible to connect FoxIDs to Azure AD with OpenID Connect?Having Azure AD as an up-party OP (IdP) on FoxIDs.

RegardsRune (JO Informatik)

解决方案

Yes, it is possible to connect both a single tenant and multitenant Azure AD App as an up-party on FoxIDs using OpenID Connect.

Please also see the documentation.

Configure single tenant

Start creating an OpenID Connect up-party in FoxIDs

  1. Add the name
  2. Select show advanced settings
  3. Select tildes URL binding pattern

It is now possible to read the Redirect URL and Post logout redirect URL.

Create the Azure AD App

  1. Add the name
  2. Select single tenant
  3. (It is a Web application) Add the Redirect URL
  4. Click Register
  5. Copy the Application (client) ID
  6. Copy the Directory (tenant) ID
  7. Go to the Authentication tab and add the FoxIDs Post logout redirect URL as Front-channel logout URL, click save.
  8. Go to the Certificates & secrets tab and add a client secrets and copy the secret value.

Go back to the FoxIDs up-party

  1. Add the authority which is https://login.microsoftonline.com/{Azure AD tenant ID}/v2.0
  2. Add the profile and email scopes
  3. Add the Azure AD client ID as a custom SP client ID
  4. Add the Azure AD client secret value as the client secret
  5. Select use claims from ID token
  6. Add claims which is accepted by the up-party. E.g., preferred_username, email, name, given_name, family_name, oid, ipaddr
  7. Click create.

That is it, you are done. The new up-party can now be selected as a possible up-party in a down-party.

Configure multitenant

The multitenant configuration differs slightly form the single tenant configuration.

In the Azure AD

  1. During the App creation select multitenant

In the FoxIDs up-party

  1. Add the authority https://login.microsoftonline.com/common/v2.0
  2. Select edit issuer
  3. Change the issuer to https://login.microsoftonline.com/{Azure AD tenant ID}/v2.0, you can possible add multiple issuers

Read claims from access token

If you want to read claims from the access token you need to add one more Azure AD App acting as a resource (API). Expose a scope from the resource app and grant the other Azure AD App the resource app scope.Then add the resource app scope as a scope in the FoxIDs up-party.

By during this the access token is issued by the same OP (IdP) and is thereby accepted.

这篇关于是否可以使用OpenID Connect将FoxID连接到Azure AD?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-14 19:01
Powered by LMLPHP ©2024 是否可以使用OpenID 0.032337