我们将 Java 应用程序与 Azure Active Directory 集成。因此,我们目前遇到的问题是,当 Spring Security session 被破坏时,Azure Active Directory session 不会被破坏 (例如,如果在WEB服务器上重新启动Tomcat)
有没有办法知道哪个参数标识 Azure Active Directory session ?或者总的来说,您对如何以最佳方式处理此问题有什么建议吗?
我们使用此示例将 Java 应用程序与 Active Directory 集成。
https://azure.microsoft.com/en-us/resources/samples/active-directory-java-webapp-openidconnect/
谢谢
安迪·G.
最佳答案
有Send a sign-out request部分官方文档使用 OpenID Connect 和 Azure Active Directory 授权访问 Web 应用程序介绍了如何将用户从您的应用程序中注销,如下所示。
Send a sign-out request
When you wish to sign the user out of the app, it is not sufficient to clear your app's cookies or otherwise end the session with the user. You must also redirect the user to the
end_session_endpointfor sign-out. If you fail to do so, the user will be able to reauthenticate to your app without entering their credentials again, because they will have a valid single sign-on session with the Azure AD endpoint.You can simply redirect the user to the
end_session_endpointlisted in the OpenID Connect metadata document:GET https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2FParameter: post_logout_redirect_uri recommended
Description: The URL that the user should be redirected to after successful logout. If not included, the user is shown a generic message.
此外,还有一个 C# 官方示例 Azure-Samples/active-directory-dotnet-web-single-sign-out您可以引用一下。
关于java - 将 Azure AD 集成到 Java Web 应用程序中。如何破解 Azure AD,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54912731/