如何使用 ADFS 将外部身份(例如 Yahoo)映射到内部 AD 身份
想象一下,我有 ADFS 位于 AD 之上,并且有许多内部用户登录到声明感知应用程序并从 AD 获取声明。
同时,我们有外部用户,他们必须首先注册,然后使用其注册的外部身份登录。
Azure ACS 是一个可以与 ADFS 联合的 STS。这允许外部用户使用 Yahoo / Facebook / Google 等登录。
现在想象一下,我们希望允许现有的外部用户能够使用他们现有的 Yahoo 帐户登录。
我如何将他们的 Yahoo 凭据与存储在 AD 中的信息关联起来?
新的外部用户在注册时需要哪些信息,以便他们可以选择现有的雅虎帐户作为登录名,但仍然能够在 AD 中找到他们的正确身份?
Imagine I have ADFS sitting on top of AD and lots of internal users who log in to a claims-aware application and get claims from the AD.
At the same time we have external users who have to first register and then subsequently login with their registered external identity.
Azure ACS is a STS that I can federate with ADFS. This allows external users to log in using Yahoo / Facebook / Google etc.
Now imagine that we want to allow existing external users to be able to login with e.g. their existing Yahoo account.
How do I associate e.g. their Yahoo credentials with the information that is stored in the AD?
What information would be required for new external users when registering so that they could select e.g. their existing Yahoo account as their login yet still be able to find their correct identity within AD?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
没有回复,因此在 基于索赔的访问平台(CBA),代号日内瓦论坛。
摘要:对于现有用户,他们可以将其现有帐户与网络身份相关联。
对于新用户,系统会询问他们是否想要使用现有身份或为该网站选择特定身份。
No response so asked the question on the Claims based access platform (CBA), code-named Geneva forum.
Summary: For existing users, they would have a facility to associate their existing account with a web identity.
For new users, they would be asked if they wanted to use an existing identity or pick a specific one for this site.