
How would SSO work if you have 4 applications which you want to secure using OpenID Connect tokens from ADFS?

These 4 applications have no user registry, however they need different claims from the IdP (ADFS). Do you need to create 4 different user accounts for each user to be able to log on to all 4 applications?

If you need 4 different user accounts for each user, then does the user need to log out first from app_1 and log on to app_2?

I appreciate all kind of advice.


1 Answer


Assuming each application receives an ID token from ADFS in OIDC mode, then each application, as part of that ID token, will have access to the subject/user ID and can exchange the ID token for the user profile. ADFS running as an OIDC OP needs to be configured to issue the appropriate claims for each application, and of course each application should request the appropriate required scopes at initial authentication so that ADFS can grant the required claims.

Each application will receive an ID token and begin establishing its own session for that user. Because the application sessions are independent of the SSO session, a coordinated effort is required if you need to implement single logout.

answered 2018-05-07T20:37:53.313
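To make the answer above concrete, here is an added Python example (not code from the question, the answer, or ADFS) that models one IdP issuing per-application ID tokens for a single user record, each relying party validating its own token and keeping an independent session, and the difference between a local logout and a coordinated single logout. Everything in it is constructed for the demo: the client ids `app_1` to `app_4`, the issuer URL, the scope-to-claim mapping, the user record, and the use of an HS256 shared secret in place of the RS256 signing key and JWKS that ADFS actually uses.

```python
import base64
import hashlib
import hmac
import json
import time

# --- Constructed stand-in for the IdP (ADFS acting as an OIDC OP). All values are assumptions. ---
IDP_ISSUER = "https://adfs.example.com/adfs"  # assumed issuer URL, not a real ADFS endpoint
IDP_KEY = b"constructed-demo-secret"           # HS256 keeps the demo offline; ADFS signs with RS256 and publishes a JWKS

# One user record for the whole estate: no per-application accounts are needed.
USER_DIRECTORY = {
    "alice": {"sub": "S-1-5-21-0001", "email": "alice@example.com",
              "groups": ["finance", "staff"], "employee_id": "E1001"},
}

# Claims released per scope, and the scopes each registered client is allowed to receive.
SCOPE_CLAIMS = {"openid": ["sub"], "email": ["email"], "groups": ["groups"], "hr": ["employee_id"]}
CLIENT_POLICY = {
    "app_1": {"openid", "email"},
    "app_2": {"openid", "groups"},
    "app_3": {"openid", "email", "groups"},
    "app_4": {"openid", "hr"},
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(username, client_id, requested_scopes, now=None):
    """IdP side: mint an ID token for one client. Granted claims = requested scopes ∩ client policy."""
    now = int(time.time()) if now is None else now
    user = USER_DIRECTORY[username]
    granted = set(requested_scopes) & CLIENT_POLICY[client_id]
    payload = {"iss": IDP_ISSUER, "aud": client_id, "iat": now, "exp": now + 300}
    for scope in sorted(granted):
        for claim in SCOPE_CLAIMS[scope]:
            payload[claim] = user[claim]
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(IDP_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token, expected_client_id, now=None):
    """Relying-party side: verify signature, alg, iss, aud and exp before trusting any claim."""
    now = int(time.time()) if now is None else now
    h, p, s = token.split(".")
    expected_sig = hmac.new(IDP_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != expected_client_id:
        raise ValueError("token was issued for a different application")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


# --- Each application keeps its own session store, independent of the IdP's SSO session. ---
APP_SESSIONS = {client_id: {} for client_id in CLIENT_POLICY}


def app_login(client_id, token, now=None):
    """The application validates its token and opens a local session keyed on the user's sub."""
    claims = validate_id_token(token, client_id, now)
    session = {k: v for k, v in claims.items() if k not in ("iss", "aud", "iat", "exp")}
    APP_SESSIONS[client_id][claims["sub"]] = session
    return session


def app_logout(client_id, sub):
    """Local logout: only this application's session ends; the other applications are untouched."""
    APP_SESSIONS[client_id].pop(sub, None)


def single_logout(sub):
    """Coordinated logout (e.g. IdP-driven back-channel notification): ends the user's session in every app."""
    cleared = [c for c in APP_SESSIONS if APP_SESSIONS[c].pop(sub, None) is not None]
    return sorted(cleared)


def logged_in_apps(sub):
    return sorted(c for c, sessions in APP_SESSIONS.items() if sub in sessions)
```

The two points of the answer show up directly: all four tokens carry the same `sub` taken from one directory entry, while the claims differ per application according to what was requested and what the client policy allows; and a token minted for `app_1` is rejected by `app_2` because of the audience check. Logging out of one application only clears that application's store, which is exactly why single logout needs the coordinated `single_logout` step rather than relying on the IdP session alone.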