I am customizing an ACS home realm discovery (HRD) page and want to accommodate users who have a "Microsoft account" (aka LiveID/Passport) or an Office 365 / Azure Active Directory account.

In that scenario the following workflow could happen (as I understand it):

  1. The user logs in using the ACS custom page
  2. The user selects "Microsoft account"
  3. The user enters their company / company ID
  4. The HRD process at http://portal.microsoftonline.com redirects them to their ADFS server
  5. Their ADFS server redirects them to their company.

Once the login succeeds (or fails), the login cascades back to the ACS page.

What is the most efficient way (for the end user) to integrate Azure ACS with Azure Active Directory / Office 365 and the custom HRD page I have created?

Or, to put it more clearly: is there a JSON web service I can query to determine whether a given domain or account exists in the "Microsoft account / LiveID" world, and check whether AzureAD has the same thing?

1 Answer

You cannot treat "Microsoft accounts" (Windows Live ID / Outlook.com / Hotmail / Xbox / etc.) the same as WAAD accounts when using ACS. When you set up your identity providers in ACS you will need to enable a Windows Live IDP and one IDP for each WAAD instance you are going to allow users to authenticate with. One thing that is not clear to me from your question is whether you need your users to be able to authenticate against a single WAAD tenant or against multiple. If one, then you only need to configure one WAAD tenant in ACS. If you need to allow users to authenticate against multiple WAAD tenants, then you will need to set up an IDP for each in ACS. For example, if your web app is a SAAS application with users from companies "Contoso" and "Northwind" and you want them to be able to authenticate against their company's on-premise Active Directory, then you will need two WAAD tenants set up. Each WAAD tenant will need to have federation configured with its given on-premise Active Directory. Each WAAD tenant in turn would need to be configured in ACS as an IDP. You could name those IDPs distinctly in ACS, something like "Contoso WAAD" and "Northwind WAAD". Then in your custom implementation of the HRD page you can either just list all the IDPs and let the user choose, or, if you want to be fancier, you could parse the JSON results from the ACS endpoint that lists IDPs and present them to the user (or just redirect them) based on some other selection they had made.

Answered 2014-01-25T01:53:28.227
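The JSON-driven selection the answer describes, as an added example that is not part of the original answer: a browser-side helper for a custom HRD page that builds the URL of the IdentityProviders.js metadata endpoint ACS v2 exposes, parses the list it returns (entries carry `Name`, `LoginUrl`, `LogoutUrl`, `ImageUrl` and `EmailAddressSuffixes`), and maps the company domain or e-mail address the user typed to one of the configured providers. The namespace `example-ns`, the realm `https://app.example/`, the tenant domains and the sample JSON response are constructed placeholders. The security-relevant design choice is that the redirect target is always one of the `LoginUrl` values ACS returned, never anything derived from user input, so the HRD page cannot be turned into an open redirector; the parser additionally refuses any non-HTTPS login URL.

```javascript
// Added example (not from the original post). Helpers for a custom ACS v2
// home-realm-discovery page. Assumption: the ACS IdentityProviders.js endpoint
// returns a JSON array whose entries have Name, LoginUrl, LogoutUrl, ImageUrl
// and EmailAddressSuffixes. Namespace, realm and tenant values are placeholders.

// Build the ACS v2 IdP-list URL. Caller supplies the ACS namespace, the
// relying-party realm, the reply_to address and an opaque context string that
// ACS echoes back after sign-in.
function buildIdpListUrl(namespace, realm, replyTo, context) {
  const url = new URL(`https://${namespace}.accesscontrol.windows.net/v2/metadata/IdentityProviders.js`);
  url.searchParams.set("protocol", "wsfederation");
  url.searchParams.set("realm", realm);
  url.searchParams.set("reply_to", replyTo);
  url.searchParams.set("context", context);
  url.searchParams.set("version", "1.0");
  return url.href;
}

// Constructed sample response, shaped like the ACS v2 IdentityProviders.js output.
const SAMPLE_IDP_JSON = JSON.stringify([
  {
    Name: "Windows Live ID",
    LoginUrl: "https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=https%3a%2f%2fexample-ns.accesscontrol.windows.net%2f",
    LogoutUrl: "", ImageUrl: "", EmailAddressSuffixes: []
  },
  {
    Name: "Contoso WAAD",
    LoginUrl: "https://login.windows.net/contoso.example/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fexample-ns.accesscontrol.windows.net%2f",
    LogoutUrl: "", ImageUrl: "", EmailAddressSuffixes: ["contoso.example"]
  },
  {
    Name: "Northwind WAAD",
    LoginUrl: "https://login.windows.net/northwind.example/wsfed?wa=wsignin1.0&wtrealm=https%3a%2f%2fexample-ns.accesscontrol.windows.net%2f",
    LogoutUrl: "", ImageUrl: "", EmailAddressSuffixes: ["northwind.example", "mail.northwind.example"]
  }
]);

// Parse the IdP list into a normalized array. Every LoginUrl must parse as an
// absolute HTTPS URL; anything else is rejected rather than silently kept,
// because these URLs are the only redirect targets the page will ever use.
function parseIdentityProviders(jsonText) {
  const raw = JSON.parse(jsonText);
  if (!Array.isArray(raw)) throw new Error("IdP list is not an array");
  return raw.map((entry) => {
    const loginUrl = new URL(String(entry.LoginUrl)); // throws on malformed input
    if (loginUrl.protocol !== "https:") {
      throw new Error(`Refusing non-HTTPS LoginUrl for ${entry.Name}`);
    }
    const suffixes = Array.isArray(entry.EmailAddressSuffixes) ? entry.EmailAddressSuffixes : [];
    return {
      name: String(entry.Name),
      loginUrl: loginUrl.href,
      suffixes: suffixes.map((s) => String(s).toLowerCase()),
    };
  });
}

// Map what the user typed (a company domain, an e-mail address, or an IdP
// display name) to a provider from the ACS list. Returns null when nothing
// matches, so the page can fall back to showing the full list.
function selectIdentityProvider(providers, userInput) {
  const input = String(userInput).trim().toLowerCase();
  if (!input) return null;
  const domain = input.includes("@") ? input.split("@").pop() : input;
  const bySuffix = providers.find((p) => p.suffixes.includes(domain));
  if (bySuffix) return bySuffix;
  return providers.find((p) => p.name.toLowerCase() === input) || null;
}

// Resolve the login URL for the user's input, or null if no provider matched.
// In the page itself the caller would do window.location.assign(url); the
// value handed to assign() always originates from the ACS list, not the user.
function loginUrlFor(providers, userInput) {
  const provider = selectIdentityProvider(providers, userInput);
  return provider ? provider.loginUrl : null;
}
```

On the HRD page, fetch `buildIdpListUrl(...)` once, run the response through `parseIdentityProviders`, and then either render the `name` values as choices or call `loginUrlFor` with the company ID the user entered and redirect. The ACS endpoint also accepts a `callback` parameter for JSONP; the example uses a plain JSON fetch because executing a remote script on the sign-in page widens the trust boundary for no gain.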