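Create samlOrWsFedExternalDomainFederation
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Create a new samlOrWsFedExternalDomainFederation object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.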
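
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | IdentityProvider.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | IdentityProvider.ReadWrite.All |

The work or school account needs to belong to one of the following roles: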
HTTP request
POST /directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation
Request headers

| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-Type | application/json. Required. |

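Request body
In the request body, supply a JSON representation of the samlOrWsFedExternalDomainFederation object.
The following table shows the properties that are required when you create a samlOrWsFedExternalDomainFederation.

| Property | Type | Description |
|---|---|---|
| displayName | String | The display name of the SAML/WS-Fed based identity provider. Inherited from identityProviderBase. |
| issuerUri | String | Issuer URI of the federation server. Inherited from samlOrWsFedProvider. |
| metadataExchangeUri | String | URI of the metadata exchange endpoint used for authentication from rich client applications. Inherited from samlOrWsFedProvider. |
| passiveSignInUri | String | URI that web-based clients are directed to when signing in to Azure AD services. Inherited from samlOrWsFedProvider. |
| preferredAuthenticationProtocol | String | Preferred authentication protocol. Supported values include saml or wsfed. Inherited from samlOrWsFedProvider. |
| signingCertificate | String | Current certificate used to sign tokens passed to the Microsoft identity platform. The certificate is formatted as a Base64-encoded string of the public portion of the federated IdP's token signing certificate and must be compatible with the X509Certificate2 class. This property is used in the following scenarios: if a rollover is required outside of the autorollover update; a new federation service is being set up; or the new token signing certificate isn't present in the federation properties after the federation service certificate has been updated. Azure AD updates certificates via an autorollover process in which it attempts to retrieve a new certificate from the federation service metadata 30 days before expiry of the current certificate. If a new certificate isn't available, Azure AD monitors the metadata daily and updates the federation settings for the domain when a new certificate is available. |
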
Response
If successful, this method returns a 201 Created response code and a samlOrWsFedExternalDomainFederation object in the response body.
Examples
Request
```http
POST https://graph.microsoft.com/beta/directory/federationConfigurations/microsoft.graph.samlOrWsFedExternalDomainFederation
Content-Type: application/json

{
  "@odata.type": "microsoft.graph.samlOrWsFedExternalDomainFederation",
  "issuerUri": "https://contoso.com/issuerUri",
  "displayName": "contoso display name",
  "metadataExchangeUri": "https://contoso.com/metadataExchangeUri",
  "passiveSignInUri": "https://contoso.com/signin",
  "preferredAuthenticationProtocol": "wsFed",
  "domains": [
    {
      "@odata.type": "microsoft.graph.externalDomainName",
      "id": "contoso.com"
    }
  ],
  "signingCertificate": "MIIDADCCAeigAwIBAgIQEX41y8r6"
}
```
```javascript
const { Client } = require('@microsoft/microsoft-graph-client');

// authProvider is an authentication provider configured elsewhere in the application.
const options = {
	authProvider,
};

const client = Client.init(options);

// Request body for the new federation configuration.
const identityProviderBase = {
	'@odata.type': 'microsoft.graph.samlOrWsFedExternalDomainFederation',
	issuerUri: 'https://contoso.com/issuerUri',
	displayName: 'contoso display name',
	metadataExchangeUri: 'https://contoso.com/metadataExchangeUri',
	passiveSignInUri: 'https://contoso.com/signin',
	preferredAuthenticationProtocol: 'wsFed',
	domains: [
		{
			'@odata.type': 'microsoft.graph.externalDomainName',
			id: 'contoso.com'
		}
	],
	signingCertificate: 'MIIDADCCAeigAwIBAgIQEX41y8r6'
};

// Call from within an async function.
await client.api('/directory/federationConfigurations')
	.version('beta')
	.post(identityProviderBase);
```
```objc
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

// The base URL already ends with a slash, so the appended path has no leading slash.
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"directory/federationConfigurations"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphIdentityProviderBase *identityProviderBase = [[MSGraphIdentityProviderBase alloc] init];
[identityProviderBase setIssuerUri:@"https://contoso.com/issuerUri"];
[identityProviderBase setDisplayName:@"contoso display name"];
[identityProviderBase setMetadataExchangeUri:@"https://contoso.com/metadataExchangeUri"];
[identityProviderBase setPassiveSignInUri:@"https://contoso.com/signin"];
[identityProviderBase setPreferredAuthenticationProtocol: [MSGraphAuthenticationProtocol wsFed]];
NSMutableArray *domainsList = [[NSMutableArray alloc] init];
MSGraphExternalDomainName *domains = [[MSGraphExternalDomainName alloc] init];
[domains setId:@"contoso.com"];
[domainsList addObject: domains];
[identityProviderBase setDomains:domainsList];
[identityProviderBase setSigningCertificate:@"MIIDADCCAeigAwIBAgIQEX41y8r6"];

NSError *error;
NSData *identityProviderBaseData = [identityProviderBase getSerializedDataWithError:&error];
[urlRequest setHTTPBody:identityProviderBaseData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
	completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
		//Request Completed
}];

[meDataTask execute];
```
```java
// Requires: import java.util.LinkedList;
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

SamlOrWsFedExternalDomainFederation identityProviderBase = new SamlOrWsFedExternalDomainFederation();
identityProviderBase.issuerUri = "https://contoso.com/issuerUri";
identityProviderBase.displayName = "contoso display name";
identityProviderBase.metadataExchangeUri = "https://contoso.com/metadataExchangeUri";
identityProviderBase.passiveSignInUri = "https://contoso.com/signin";
identityProviderBase.preferredAuthenticationProtocol = AuthenticationProtocol.WS_FED;

// Wrap the domain list in the collection page type the model expects.
LinkedList<ExternalDomainName> domainsList = new LinkedList<ExternalDomainName>();
ExternalDomainName domains = new ExternalDomainName();
domains.id = "contoso.com";
domainsList.add(domains);
ExternalDomainNameCollectionResponse externalDomainNameCollectionResponse = new ExternalDomainNameCollectionResponse();
externalDomainNameCollectionResponse.value = domainsList;
ExternalDomainNameCollectionPage externalDomainNameCollectionPage = new ExternalDomainNameCollectionPage(externalDomainNameCollectionResponse, null);
identityProviderBase.domains = externalDomainNameCollectionPage;
identityProviderBase.signingCertificate = "MIIDADCCAeigAwIBAgIQEX41y8r6";

graphClient.directory().federationConfigurations()
	.buildRequest()
	.post(identityProviderBase);
```
```go
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.NewIdentityProviderBase()
displayName := "contoso display name"
requestBody.SetDisplayName(&displayName)
// Properties of the derived type are passed as additional data.
requestBody.SetAdditionalData(map[string]interface{}{
	"@odata.type":                     "microsoft.graph.samlOrWsFedExternalDomainFederation",
	"issuerUri":                       "https://contoso.com/issuerUri",
	"metadataExchangeUri":             "https://contoso.com/metadataExchangeUri",
	"passiveSignInUri":                "https://contoso.com/signin",
	"preferredAuthenticationProtocol": "wsFed",
	"domains": []interface{}{
		map[string]interface{}{
			"@odata.type": "microsoft.graph.externalDomainName",
			"id":          "contoso.com",
		},
	},
	"signingCertificate": "MIIDADCCAeigAwIBAgIQEX41y8r6",
})
result, err := graphClient.Directory().FederationConfigurations().Post(requestBody)
```
```powershell
Import-Module Microsoft.Graph.Identity.DirectoryManagement

$params = @{
	"@odata.type" = "microsoft.graph.samlOrWsFedExternalDomainFederation"
	IssuerUri = "https://contoso.com/issuerUri"
	DisplayName = "contoso display name"
	MetadataExchangeUri = "https://contoso.com/metadataExchangeUri"
	PassiveSignInUri = "https://contoso.com/signin"
	PreferredAuthenticationProtocol = "wsFed"
	Domains = @(
		@{
			"@odata.type" = "microsoft.graph.externalDomainName"
			Id = "contoso.com"
		}
	)
	SigningCertificate = "MIIDADCCAeigAwIBAgIQEX41y8r6"
}

New-MgDirectoryFederationConfiguration -BodyParameter $params
```
Response
The following is an example of the response.
Note: The response object shown here might be shortened for readability.
```http
HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "3c41f317-9af3-4266-8ccf-26283ceec888",
  "displayName": "contoso display name"
}
```
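
A federation configuration decides which external IdP's tokens are trusted for a domain, so it is worth checking the body before it is posted. The following is an added example, not part of the original page or of any Microsoft SDK: `checkFederationBody` and `derFraming` are hypothetical helpers that check a request body against the property table above. The HTTPS requirement is an assumed local policy, and the certificate check covers only the outer DER framing of the Base64 value, not a full X.509 parse.

```javascript
// Added example. checkFederationBody and derFraming are hypothetical helpers, not Graph SDK APIs.
// Check only the outer DER framing of the decoded certificate (not a full X.509 parse).
function derFraming(b64) {
  if (/-----BEGIN/.test(b64)) return "PEM armor present; send bare Base64";
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return "not Base64";
  const der = Buffer.from(b64, "base64");
  if (der.length < 2 || der[0] !== 0x30) return "not a DER SEQUENCE";
  let len = der[1];
  let hdr = 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) return "bad DER length";
    len = der.readUIntBE(2, n);
    hdr = 2 + n;
  }
  return hdr + len === der.length ? null : `DER declares ${hdr + len} bytes, got ${der.length}`;
}

function checkFederationBody(body) {
  const problems = [];
  // Assumed local policy (not stated on the page): these endpoints must be HTTPS.
  for (const key of ["metadataExchangeUri", "passiveSignInUri"]) {
    let url = null;
    try { url = new URL(body[key]); } catch { /* reported below */ }
    if (!url || url.protocol !== "https:") problems.push(`${key}: must be an https URL`);
  }
  if (typeof body.issuerUri !== "string" || !body.issuerUri) problems.push("issuerUri: missing");
  // The table lists saml and wsfed; the sample request sends wsFed, so ignore case.
  const proto = String(body.preferredAuthenticationProtocol || "").toLowerCase();
  if (!["saml", "wsfed"].includes(proto)) problems.push("preferredAuthenticationProtocol: use saml or wsfed");
  const domains = Array.isArray(body.domains) ? body.domains : [];
  if (domains.length === 0 || domains.some((d) => !d || typeof d.id !== "string" || !d.id)) {
    problems.push("domains: need at least one entry with an id");
  }
  const certIssue = derFraming(String(body.signingCertificate || ""));
  if (certIssue) problems.push(`signingCertificate: ${certIssue}`);
  return problems;
}

// Values copied from the page's sample request.
const pageSample = {
  issuerUri: "https://contoso.com/issuerUri",
  metadataExchangeUri: "https://contoso.com/metadataExchangeUri",
  passiveSignInUri: "https://contoso.com/signin",
  preferredAuthenticationProtocol: "wsFed",
  domains: [{ "@odata.type": "microsoft.graph.externalDomainName", id: "contoso.com" }],
  signingCertificate: "MIIDADCCAeigAwIBAgIQEX41y8r6",
};
console.log(checkFederationBody(pageSample));
```

Run against the page's sample body, the only finding is on signingCertificate: the Base64 value decodes to 21 bytes while its DER header declares a 772-byte structure, so a real request needs the complete certificate in its place.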