tokenIssuancePolicy resource type

Namespace: microsoft.graph

Represents the policy to specify the characteristics of SAML tokens issued by Azure AD. You can use token-issuance policies to:

  • Set signing options
  • Set signing algorithm
  • Set SAML token version

Inherits from stsPolicy.


| Method | Return Type | Description |
|---|---|---|
| List tokenIssuancePolicy | tokenIssuancePolicy | Read properties and relationships of tokenIssuancePolicy objects. |
| Create tokenIssuancePolicy | tokenIssuancePolicy | Create a tokenIssuancePolicy object. |
| Get tokenIssuancePolicy | tokenIssuancePolicy | Read properties and relationships of a tokenIssuancePolicy object. |
| Update tokenIssuancePolicy | None | Update a tokenIssuancePolicy object. |
| Delete tokenIssuancePolicy | None | Delete a tokenIssuancePolicy object. |
| List appliesTo | directoryObject collection | Get the list of directoryObjects that this policy has been applied to. |


| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for this policy. Read-only. |
| definition | String collection | A string collection containing a JSON string that defines the rules and settings for this policy. See below for more details about the JSON schema for this property. Required. |
| description | String | Description for this policy. |
| displayName | String | Display name for this policy. Required. |
| isOrganizationDefault | Boolean | Ignore this property. The token-issuance policy can only be applied to service principals and can't be set globally for the organization. |

Properties of a token issuance policy definition

The properties form the JSON object that represents a token issuance policy. This JSON object must be converted to a string with its quotation marks escaped before it is inserted into the definition property. The following is an example in JSON format:

"definition": [
    "{ \"TokenIssuancePolicy\":{\"TokenResponseSigningPolicy\":\"TokenOnly\",\"SamlTokenVersion\":\"1.1\",\"SigningAlgorithm\":\"\",\"Version\":1}}"
]

| Property | Type | Description |
|---|---|---|
| TokenResponseSigningPolicy | String | Represents the certificate signing options available in Azure AD. Supported values are: ResponseOnly, TokenOnly, ResponseAndToken. |
| SamlTokenVersion | String | Version of the SAML token. Supported values are: 1.1, 2.0. |
| SigningAlgorithm | String | Signing algorithm used by Azure AD to sign the SAML token. Supported values are: |
| Version | Integer | Set value of 1. Required. |
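
The escaping step described above is easy to get wrong by hand, so the following added example (not part of the original documentation) builds the definition value from the settings in the table and validates a definition read back from an existing policy. The function names are hypothetical; the property names and supported values are the ones listed on this page.

```python
import json

# Supported values as listed in the property table on this page.
SIGNING_POLICIES = ("ResponseOnly", "TokenOnly", "ResponseAndToken")
SAML_VERSIONS = ("1.1", "2.0")


def check_settings(settings):
    """Raise ValueError if the inner settings object breaks the documented rules."""
    if settings.get("Version") != 1:
        raise ValueError("Version is required and must be 1")
    if settings.get("TokenResponseSigningPolicy") not in SIGNING_POLICIES:
        raise ValueError("unsupported TokenResponseSigningPolicy")
    if settings.get("SamlTokenVersion") not in SAML_VERSIONS:
        raise ValueError("unsupported SamlTokenVersion")
    # SigningAlgorithm is passed through unchecked: this page does not list
    # its supported values, and the page's own example leaves it empty.
    return settings


def build_definition(signing_policy, saml_version, signing_algorithm=""):
    """Return the definition value: a string collection holding one JSON string."""
    settings = check_settings({
        "TokenResponseSigningPolicy": signing_policy,
        "SamlTokenVersion": saml_version,
        "SigningAlgorithm": signing_algorithm,
        "Version": 1,
    })
    return [json.dumps({"TokenIssuancePolicy": settings}, separators=(",", ":"))]


def parse_definition(definition):
    """Decode and validate every string of a definition read back from a policy."""
    return [check_settings(json.loads(item)["TokenIssuancePolicy"])
            for item in definition]


def policy_body(display_name, definition, description=""):
    """Serialize the resource; json.dumps escapes the quotes of the inner string."""
    return json.dumps({"displayName": display_name,
                       "description": description,
                       "definition": definition})


if __name__ == "__main__":
    # Constructed sample values, matching the example on this page.
    print(policy_body("Sample policy", build_definition("TokenOnly", "1.1")))
```

Running `parse_definition` over the policies applied to each service principal gives a quick check that none of them carries an unexpected signing option or token version.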


| Relationship | Type | Description |
|---|---|---|
| appliesTo | directoryObject collection | The directoryObject collection that this policy has been applied to. Read-only. |

JSON representation

The following is a JSON representation of the resource.

{
  "definition": ["String"],
  "description": "String",
  "displayName": "String",
  "id": "String (identifier)",
  "isOrganizationDefault": true
}