Office 365 single sign-on

Time: 2013-06-17 04:17:24

Tags: ms-office single-sign-on office365 adfs

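I have been trying to set up SSO for Office365 and federate my AD with Office365. When I go to portal.microsoftonline.com and enter a username from my domain, e.g. user@mydomain.com, the page is redirected to my ADFS for authentication, after which the user types in his/her credentials.

Is there a way to do active authentication against Office365, if I am using the term correctly, so that a user who logs in to my site, which already actively authenticates the user against my ADFS using HttpBinding, is then also authenticated to Office365?

The high-level flow is as follows:

  1. The user logs in to my website, which authenticates against ADFS using active authentication
  2. The user goes to Office365 without having to log in again.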

2 answers:

Answer 0: (score: 2)

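No. For SSO to work, a cookie has to be set in the application running ADFS. The only way to achieve that is to authenticate using a browser. When you perform active authentication, no browser is involved (it is a server-to-server call).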

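Answer 1: (score: 0)

Programmatically, using IE and PowerShell, you can use a COM object as shown below. The full code for the automatic login (+ drive map), which this code comes from, is at: http://www.lieben.nu/numb3rs/?page_id=129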

#start invisible IE instance
try{
    $ie = new-object -com InternetExplorer.Application
    $ie.visible = $debugmode
}catch{
    ac $logfile "failed to start Internet Explorer COM Object, check user permissions`n"
    ac $logfile $error[0]
    Exit
}
#navigate to OneDrive and log out
$ie.navigate("http://login.microsoftonline.com/logout.srf")
do {sleep 1} until (-not ($ie.Busy)) 
$ie.quit()
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($ie) > $null
Remove-Variable ie

#start invisible IE instance
$ie = new-object -com InternetExplorer.Application
$ie.visible = $debugmode

#login process
do{
    $ie.navigate("https://"+$O365CustomerName+"-my.sharepoint.com/personal/"+$userURL)
    do {sleep 1} until (-not ($ie.Busy))

    #click to open up the login menu
    do {sleep 1} until (-not ($ie.Busy))
    try { 
        $ie.document.GetElementById("_link").click()
        do {sleep 1} until (-not ($ie.Busy)) 
    } catch {$null}

    #attempt automated login using ADFS / non ADFS methods
    if($useADFS){
        ac $logfile "useADFS set to true`n"
        ac $logfile "attempting ADFS single sign-on`n"
        #trigger redirect
        try{
            $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
            $ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
            do {sleep 1} until (-not ($ie.Busy)) 
            $ie.document.GetElementById("cred_sign_in_button").click()
            do {sleep 1} until (-not ($ie.Busy))
        }catch{
            ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
        }
        #ADFS redirect can take a while
        do {sleep 1} until (-not ($ie.Busy))
        sleep -s 1
        do {sleep 1} until (-not ($ie.Busy))
        sleep -s $ADFSWaitTime
        do {sleep 1} until (-not ($ie.Busy))
    }else{
        try{
            $ie.document.GetElementById("cred_userid_inputtext").value = $userUPN
            $ie.document.GetElementById("cred_password_inputtext").value = $password
            $ie.document.GetElementById("cred_keep_me_signed_in_checkbox").click()
            do {sleep 1} until (-not ($ie.Busy)) 
            $ie.document.GetElementById("cred_sign_in_button").click()
            do {sleep 1} until (-not ($ie.Busy))
        }catch{
            ac $logfile "Failed to find the correct controls at $($ie.locationURL) to log in by script, check your browser and proxy settings or check for an update of this script`n"
        }
        sleep -s 1
        do {sleep 1} until (-not ($ie.Busy))
    }