azure-active-directory - Does CloudFoundry UAA support graph endpoints for group claim information?
Problem description
We use CloudFoundry UAA for our applications' authentication system. We use Microsoft Azure AD as the Identity Provider.
We've run across an issue where users with over 150 AD groups stop getting their groups passed in the SAML token due to Microsoft having a 150 AD group limitation in Azure. (We're also ensuring we only send SecurityGroups in the claims info.) Microsoft converts the group claims to a graph endpoint in the SAML token if a user has over 150 AD groups. Microsoft's term for this is "overage claim". Our UAA does not appear to know how to handle graph endpoints or "overage claims".
Does UAA support SAML graph endpoints for group claims information? We use this to auto map users from their AD groups to our UAA groups and it's critical to get this working. For now we manually add our UAA groups to our users' Shadow profiles as a workaround.
I cannot find information on if UAA supports this and how to enable it.
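Solution
As of the date of this reply, UAA does not support graph endpoints. Pivotal has now entered the feature into their tracker. There is no ETA for delivery.
For a workaround, you can use AD roles, as described in this guide: https://joonasw.net/view/using-groups-vs-using-app-roles-in-azure-ad-apps
Tracker reference: https://www.pivotaltracker.com/n/projects/997278/stories/168080479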
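The overage condition described in the question can be detected on the service-provider side so that an affected login is flagged instead of being silently mapped to no groups. The following is an added example, not code from the original post or from UAA. The two attribute names are the ones Azure AD uses for SAML group and group-overage claims; the function names, the sample assertions and every ID in them are constructed, and signature verification is assumed to have happened before this code runs.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE = "http://schemas.microsoft.com/claims/groups.link"


def classify_group_claims(assertion_xml):
    """Classify the group claims in an assertion whose signature has
    already been verified (assumption: verification happens upstream).

    Returns ("inline", [group ids]), ("overage", [graph link]) or
    ("absent", []).
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip()
                  for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    if attrs.get(GROUPS):
        return "inline", attrs[GROUPS]
    if attrs.get(OVERAGE):
        # Groups were replaced by a link: mapping from this token alone
        # would silently yield no groups, so the caller should flag it.
        return "overage", attrs[OVERAGE]
    return "absent", []


def build_assertion(name, values):
    """Constructed sample input; all IDs are made up."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    attr = f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>' if name else ""
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:AttributeStatement>{attr}</saml:AttributeStatement>"
            "</saml:Assertion>")


INLINE = build_assertion(GROUPS, ["11111111-1111-1111-1111-111111111111",
                                  "22222222-2222-2222-2222-222222222222"])
OVER = build_assertion(OVERAGE, ["https://graph.windows.net/"
                                 "00000000-0000-0000-0000-000000000000/users/"
                                 "33333333-3333-3333-3333-333333333333/getMemberObjects"])
NONE = build_assertion(None, [])

if __name__ == "__main__":
    for label, xml in (("inline", INLINE), ("overage", OVER), ("absent", NONE)):
        status, values = classify_group_claims(xml)
        print(f"{label}: status={status} values={len(values)}")
```

Treating "overage" and "absent" as distinct outcomes lets the login flow log the first as a known identity-provider limit rather than as a user with no group memberships.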