Question
My aim is to silently acquire an Azure AD token from a domain-joined workstation whose domain is connected to Azure AD through Azure AD Connect.
In order to do that, I've built the following scenario:
- I configured a Windows Server and an Active Domain on it
- I connected the Active Domain to Azure AD using Azure AD Connect
- I configured Seamless Sign-On: in fact, if I use a web browser from a domain-joined machine to navigate to the URL https://myapps.microsoft.com/my_azure_domain.onmicrosoft.com, I'm logged in correctly without user interaction
- If I use this example in order to obtain an Azure AD JWT Token interactively from a domain-joined workstation (using the Textual Prompt), everything works fine
- If I use the same example in order to obtain an Azure AD JWT Token silently from a domain-joined workstation (using the Windows-integrated security - UserCredential), I obtain the following error:
Inner Exception : password_required_for_managed_user: Password is required for managed user
What am I missing?
Thanks,
Daniele
Answer 1:
Solved by replacing this code (lines 152 and 212 of this file)
authContext.AcquireTokenAsync(todoListResourceId, clientId, uc)
with this one
authContext.AcquireTokenAsync(todoListResourceId, clientId, new Uri("http://TodoListClient-Headless"), new PlatformParameters(PromptBehavior.Auto)).Result
Source: https://stackoverflow.com/questions/54713158/azure-ad-active-domain-seamless-sign-on