我有一个带有iframe的页面,该页面显示了经过AAD SSO认证的公司网站。
当我直接在IE中访问公司网站时,一切正常,但是当它在iframe中时,它将重定向到login.microsoft.com,然后返回并出现错误:
Forbidden:
This corporate app can't be accessed.
You are not authorized to access this application
Azure AD Application Proxy
Azure AD Application Proxy
Status code: Forbidden
Url: https://mycorporatesite/%3ferror%3daccess_denied%26error_description%3dAADSTS50105%253a%2bThe%2bsigned%2bin%2buser%2b%2527%2...
TransactionID: 2656c424-9b94-4af7-8ed3-123b65b6fef9
ConnectorGroupId: b58ad765-2dc9-443e-bed8-70558cc3f463
Timestamp: 5/20/2019 7:26:57 AM
它可在包括IE在内的所有浏览器(包括IE)(甚至在私有模式下)中使用
我不得不提到,我的PC连接到该站点使用的另一AD,但是正如我提到的,当我直接访问该站点时,它可以正常工作。
以下是iframe发出的请求:
GET https://mycorporatesite.com/RestApi/?SPHostUrl=.....
Response 302 / Found
Response Headers: location: https://login.microsoftonline.com/{tenant}/oauth2/authorize?response_type=code&client_id=...
GET https://login.microsoftonline.com/{tenant}/oauth2/authorize?response_type=code&client_id=...
Response 302 / Found
Response Headers: location: https://mycorporatesite.com?error=access_denied&error_description=AADSTS50105%3a+The+signed+in+user+%27%7bEmailHidden%7d%27+is+not+assigned+to+a+role+for+the+application+...
GET https://mycorporatesite.com?error=access_denied&error_description=AADSTS50105%3a+The+signed+in+user+%27%7bEmailHidden%7d%27+is+not+assigned+to+a+role+for+the+application+...
Response 403 / Forbidden
答案 0 :(得分:0)
这可能与浏览器无关。在其他浏览器中,您是否可能以其他用户身份登录到Azure AD?
当应用程序要求将用户分配给应用程序但未分配登录用户时,将返回您看到的错误消息。