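azure - How to fix 'Policy operations on v2 application are disabled' in AzureADPreview Windows PowerShell

Tags: azure powershell azure-active-directory token lifetime

I have registered a multi-tenant application in Azure AD, and I want to extend the lifetime of the access and refresh tokens received by users who sign in to my application. Despite creating a default policy for tokens, the access token my users receive lasts 1 hour.

The policy I created is: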

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"23:00:00","MaxInactiveTime":"90.00:00:00","MaxAgeSingleFactor":"until-revoked","MaxAgeMultiFactor":"until-revoked","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

Thinking that my policy might not be applied to users signing in from other tenants, I tried to apply it specifically to my app using:

Add-AzureADApplicationPolicy -Id -RefObjectId

but I was presented with the error:

Add-AzureADApplicationPolicy : Error occurred while executing AddApplicationPolicy

Code: Request_BadRequest

Message: Policy operations on v2 application are disabled.

InnerError:
  RequestId: ...
  DateTimeStamp: Mon, 02 Sep 2019 20:39:54 GMT
  HttpStatusCode: BadRequest
  HttpStatusDescription: Bad Request
  HttpResponseStatus: Completed
At line:1 char:1
+ Add-AzureADApplicationPolicy -Id ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Add-AzureADApplicationPolicy], ApiException
    + FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.AddApplica tionPolicy

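Best answer

Applications open to any tenant will not be able to add Azure AD policies. This needs to be taken into account at design time, because Azure AD policies are treated as v1 policies and cannot be applied to v2 applications.

Here is the response that was given on this issue: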

Some policies are blocked for converged Applications, since they are not supported by MSA (Microsoft Account) and Azure AD.
  The Configurable Token Lifetime will be deprecated later this year and replaced by a new feature for Conditional Access policy.
  So, we are not planning to invest into Configurable Token Lifetime to discourage taking dependencies with it. 

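As stated in the second paragraph, the important point is that the Configurable Token Lifetime policy will be deprecated. Please check the following information: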

https://learn.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes

Hope this helps.
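To check whether a lifetime policy actually took effect, read the lifetime a token carries from its own claims instead of relying on the policy object. The following is an added example, not code from the original question or answer. The function names are hypothetical, the sample token is constructed and unsigned, and it assumes the token is in JWT format.

```powershell
# Added example: report the lifetime an issued JWT carries (exp - iat).
# It only decodes claims; it does not validate the signature.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Value)
    # JWT segments are base64url without padding; restore standard base64.
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $s += '==' }
        3 { $s += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function ConvertTo-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtLifetime {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected header.payload.signature.' }
    $claims = ConvertFrom-Base64Url -Value $parts[1] | ConvertFrom-Json
    if ($null -eq $claims.exp) { throw 'Token has no exp claim.' }
    # iat is the issue time; fall back to nbf if it is absent.
    $startSec = if ($null -ne $claims.iat) { $claims.iat } else { $claims.nbf }
    if ($null -eq $startSec) { throw 'Token has neither iat nor nbf.' }
    $issued  = [DateTimeOffset]::FromUnixTimeSeconds([long]$startSec)
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        IssuedAtUtc  = $issued.UtcDateTime
        ExpiresAtUtc = $expires.UtcDateTime
        Lifetime     = $expires.Subtract($issued)   # TimeSpan
    }
}

# Constructed sample (not a real token): exp is 3600 seconds after iat,
# matching the 1-hour access token described in the question.
$sample = @(
    (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'),
    (ConvertTo-Base64Url '{"iat":1567456794,"exp":1567460394}'),
    'constructed-signature'
) -join '.'
Get-JwtLifetime -Token $sample | Format-List
```

If the policy with "AccessTokenLifetime":"23:00:00" were in effect for the application, the Lifetime value for a freshly issued access token would show 23 hours rather than 1 hour.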

Regarding azure - How to fix 'Policy operations on v2 application are disabled' in AzureADPreview Windows PowerShell, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57762571/