iframe中的IE中AAD身份验证失败

时间:2019-05-17 08:32:49

标签: internet-explorer iframe azure-active-directory single-sign-on

我有一个带有iframe的页面,该页面显示了经过AAD SSO认证的公司网站。

当我直接在IE中访问公司网站时,一切正常,但是当它在iframe中时,它将重定向到login.microsoft.com,然后返回并出现错误:

Forbidden: 

This corporate app can't be accessed.
You are not authorized to access this application
Azure AD Application Proxy 


Azure AD Application Proxy 

Status code:  Forbidden 

Url:  https://mycorporatesite/%3ferror%3daccess_denied%26error_description%3dAADSTS50105%253a%2bThe%2bsigned%2bin%2buser%2b%2527%2... 

 TransactionID:  2656c424-9b94-4af7-8ed3-123b65b6fef9 

 ConnectorGroupId:  b58ad765-2dc9-443e-bed8-70558cc3f463 

 Timestamp:  5/20/2019 7:26:57 AM 

它可在包括IE在内的所有浏览器(包括IE)(甚至在私有模式下)中使用

我不得不提到,我的PC连接到该站点使用的另一AD,但是正如我提到的,当我直接访问该站点时,它可以正常工作。

以下是iframe发出的请求:

GET https://mycorporatesite.com/RestApi/?SPHostUrl=.....
Response 302 / Found
Response Headers: location: https://login.microsoftonline.com/{tenant}/oauth2/authorize?response_type=code&client_id=...

GET https://login.microsoftonline.com/{tenant}/oauth2/authorize?response_type=code&client_id=...
Response 302 / Found
Response Headers: location: https://mycorporatesite.com?error=access_denied&error_description=AADSTS50105%3a+The+signed+in+user+%27%7bEmailHidden%7d%27+is+not+assigned+to+a+role+for+the+application+...

GET https://mycorporatesite.com?error=access_denied&error_description=AADSTS50105%3a+The+signed+in+user+%27%7bEmailHidden%7d%27+is+not+assigned+to+a+role+for+the+application+...
Response 403 / Forbidden

1 个答案:

答案 0 :(得分:0)

这可能与浏览器无关。在其他浏览器中,您是否可能以其他用户身份登录到Azure AD?

当应用程序要求将用户分配给应用程序但未分配登录用户时,将返回您看到的错误消息。