1

I've been attempting to do SSO for Office365 and have federated my AD with Office365. When I reach portal.microsoftonline.com and enter a username from my domain, e.g. user@mydomain.com, the page gets redirected to my ADFS for authentication; thereafter the user keys in his/her credentials.

Is there a way to do an active authentication for Office365, if I used the term correctly, where a user logs into my site, which already actively authenticates a user using an HttpBinding to my ADFS, and then also gets authenticated for Office365?

The high level flow is as follows:

  1. User signs into my website which is authenticated against the ADFS via active authentication
  2. User proceeds to Office365 and should not need to log in again.
4

2 Answers

2

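No. For SSO to work, a cookie must be set in the domain where ADFS runs. The only way to achieve this is to authenticate using a browser. When you do active authentication, no browser is involved (it is a server-to-server call).

answered 2013-06-17T11:07:51.017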
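The cookie scoping behind the answer above, as an added example that is not part of the original answer: Python's `http.cookiejar` stands in for the browser's and the web server's cookie stores. The host names, the `adfs_session` cookie name and its value are constructed, and the server-to-server call is modelled as returning the same cookie purely to show where it ends up.

```python
import email.message
import http.cookiejar
import urllib.request

ADFS_URL = "https://adfs.example.com/adfs/ls/"   # constructed ADFS host
SITE_URL = "https://www.mysite.example/login"    # constructed website host
SESSION = "adfs_session=constructed-value; Path=/adfs; Secure; HttpOnly"


class FakeResponse:
    """Minimal response object: CookieJar only needs info() to return headers."""
    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def receive(jar, url, set_cookie):
    """Offer a Set-Cookie from the server at `url`; the jar's policy may reject it."""
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(url))


def cookie_sent_to(jar, url):
    """Cookie header the jar's owner would attach to a request for `url` (or None)."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def passive_flow():
    """The browser itself authenticates at ADFS, so the cookie lands in its jar."""
    browser = http.cookiejar.CookieJar()
    receive(browser, ADFS_URL, SESSION)
    # Office 365 later redirects the browser to ADFS: the session cookie goes along.
    return cookie_sent_to(browser, ADFS_URL)


def active_flow():
    """The website's server authenticates at ADFS; the browser never talks to ADFS."""
    browser = http.cookiejar.CookieJar()
    web_server = http.cookiejar.CookieJar()
    receive(web_server, ADFS_URL, SESSION)   # server-to-server call
    # The website cannot plant the cookie for the ADFS host from its own origin:
    receive(browser, SITE_URL, SESSION + "; Domain=adfs.example.com")
    return cookie_sent_to(browser, ADFS_URL), cookie_sent_to(web_server, ADFS_URL)
```

In the active flow the browser reaches ADFS without a session cookie, so the Office365 redirect ends at the ADFS login prompt again.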
0

Programmatically, using IE and PowerShell, you can do this with a COM object as shown below. The full code for automatic login (+drivemap, code from) is here: http://www.lieben.nu/numb3rs/?page_id=129

```powershell
# Excerpt from the full script linked above. $debugmode, $logfile, $O365CustomerName,
# $userURL, $userUPN, $password, $useADFS and $ADFSWaitTime are set earlier in that script.
# "ac" is the built-in alias for Add-Content.

#start invisible IE instance
try{
    $ie = new-object -com InternetExplorer.Application
    $ie.visible = $debugmode
}catch{
    ac $logfile "failed to start Internet Explorer COM Object, check user permissions`n"
    ac $logfile $error[0]
    Exit
}
#navigate to OneDrive and log out
$ie.navigate("http://login.microsoftonline.com/logout.srf")
do {sleep 1} until (-not ($ie.Busy))
$ie.quit()
#release the COM object so the old IE process does not linger
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($ie) > $null
Remove-Variable ie

#start invisible IE instance
$ie = new-object -com InternetExplorer.Application
$ie.visible = $debugmode

#login process
do{
    $ie.navigate("https://"+$O365CustomerName+"-my.sharepoint.com/personal/"+$userURL)
    do {sleep 1} until (-not ($ie.Busy))

    #click to open up the login menu
    do {sleep 1} until (-not ($ie.Busy))
    try {
        $ie.document.GetElementById("_link").click()
        do {sleep 1} until (-not ($ie.Busy))
    } catch {$null}

    #attempt automated login using ADFS / non ADFS methods
    if($useADFS){
        ac $logfile "useADFS set to true`n"
        ac $logfile "attempting ADFS single sign-on`n"
        #trigger redirect: only the UPN is entered, the browser then authenticates at ADFS
        try{
            $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
            $ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
            do {sleep 1} until (-not ($ie.Busy))
            $ie.document.GetElementById("cred_sign_in_button").click()
            do {sleep 1} until (-not ($ie.Busy))
        }catch{
            ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
        }
        #ADFS redirect can take a while
        do {sleep 1} until (-not ($ie.Busy))
        sleep -s 1
        do {sleep 1} until (-not ($ie.Busy))
        sleep -s $ADFSWaitTime
        do {sleep 1} until (-not ($ie.Busy))
    }else{
        #non-ADFS path: types $userUPN and the plaintext $password into the login form
        try{
            $ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
            $ie.document.GetElementById("cred_password_inputtext").value = $password
            $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
            do {sleep 1} until (-not ($ie.Busy))
            $ie.document.GetElementById("cred_sign_in_button").click()
            do {sleep 1} until (-not ($ie.Busy))
        }catch{
            ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
        }
        sleep -s 1
        do {sleep 1} until (-not ($ie.Busy))
    }
    # The excerpt ends here; the rest of the loop body and its exit condition are in
    # the full script. The placeholder condition below only closes the block.
} until ($true)
```
answered 2015-03-26T13:31:22.187