我一直在尝试为Office365配置SSO,并将我的AD与Office365联合起来。当我打开portal.microsoftonline.com并输入我域中的用户名(例如:user@mydomain.com)时,页面会被重定向到我的ADFS,由用户输入自己的凭据进行身份验证。
有没有办法对Office365进行主动(active)身份验证(如果我没有用错这个术语)?也就是说,用户登录我的站点时,站点已经通过HttpBinding向我的ADFS主动验证了该用户,能否让该用户同时也通过Office365的身份验证?
高级别流程如下:
答案 0 :(得分:2)
不行。要使SSO正常工作,必须在运行ADFS的应用程序中设置cookie,而实现这一点的唯一方法是通过浏览器进行身份验证。执行主动身份验证时不涉及浏览器(它是服务器到服务器的调用),因此浏览器中不会建立任何会话cookie。
答案 1 :(得分:0)
如果要以编程方式实现,可以借助IE和PowerShell,像下面这样使用COM对象。自动登录并映射驱动器的完整代码(下面的片段即摘自其中)位于:http://www.lieben.nu/numb3rs/?page_id=129
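# Start an Internet Explorer COM instance. The window is only shown when
# $debugmode is true; $debugmode and $logfile are defined outside this snippet.
try {
    $ie = New-Object -ComObject InternetExplorer.Application
    $ie.Visible = $debugmode
} catch {
    # Nothing below can run without the COM object: log the reason and stop.
    Add-Content -Path $logfile -Value "failed to start Internet Explorer COM Object, check user permissions`n"
    Add-Content -Path $logfile -Value $error[0]
    Exit
}

# Sign out of any existing Microsoft Online session before logging in again.
# The sign-out endpoint is requested over https:// (the snippet originally used
# http://), so the request is not sent in cleartext where it could be observed
# or redirected on the network path.
$ie.Navigate("https://login.microsoftonline.com/logout.srf")
do { Start-Sleep -Seconds 1 } until (-not ($ie.Busy))

# Close this instance and release the COM reference so the login below runs in
# a freshly created browser object.
$ie.Quit()
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($ie) > $null
Remove-Variable ie

# Start a second IE instance for the login attempt.
# NOTE(review): unlike the first instance, this creation is not wrapped in
# try/catch, so a failure here is not written to $logfile.
$ie = New-Object -ComObject InternetExplorer.Application
$ie.Visible = $debugmode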
#login process
do{
$ie.navigate("https://"+$O365CustomerName+"-my.sharepoint.com/personal/"+$userURL")
do {sleep 1} until (-not ($ie.Busy))
#click to open up the login menu
do {sleep 1} until (-not ($ie.Busy))
try {
$ie.document.GetElementById("_link").click()
do {sleep 1} until (-not ($ie.Busy))
} catch {$null}
#attempt automated login using ADFS / non ADFS methods
if($useADFS){
ac $logfile "useADFS set to true`n"
ac $logfile "attempting ADFS single sign-on`n"
#trigger redirect
try{
$ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
$ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
do {sleep 1} until (-not ($ie.Busy))
$ie.document.GetElementById("cred_sign_in_button").click()
do {sleep 1} until (-not ($ie.Busy))
}catch{
ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
}
#ADFS redirect can take a while
do {sleep 1} until (-not ($ie.Busy))
Sleep -s1
do {sleep 1} until (-not ($ie.Busy))
sleep -s $ADFSWaitTime
do {sleep 1} until (-not ($ie.Busy))
}else{
try{
$ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
$ie.document.GetElementById("cred_password_inputtext").value = $password
$ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
do {sleep 1} until (-not ($ie.Busy))
$ie.document.GetElementById("cred_sign_in_button").click()
do {sleep 1} until (-not ($ie.Busy))
}catch{
ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
}
sleep -s 1
do {sleep 1} until (-not ($ie.Busy))
}