Error "Invalid username or password" in Azure AD B2C when adding OIDC:ClientId on a REST API before triggering Login-NonInteractive in a custom policy


Question

I have an issue when I add a client ID to check the user against our DB in Azure AD B2C. I need to check that to validate that the user logs in with the correct DB and migrate them (my app uses multiple client IDs).

This is my claims provider:

<ClaimsProvider>
  <DisplayName>REST API User Migration Via Legacy IdP</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="UserMigrationViaLegacyIdp">
      <DisplayName>REST API User Migration Via Legacy IdP</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ServiceUrl">https://473b-180-249-185-45.ap.ngrok.io/v1/CheckUserMigration</Item>
        <Item Key="AuthenticationType">ApiKeyHeader</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
        <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
        <!-- REMOVE the following line in production environments -->
        <Item Key="AllowInsecureAuthInProduction">true</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="x-api-key" StorageReferenceId="B2C_1A_RestApiKey" />
      </CryptographicKeys>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="email" />
        <InputClaim ClaimTypeReferenceId="password" />
        <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="{OIDC:ClientId}" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="isMigrationSuccessChecked" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

And this is for the self-asserted local account sign-in:

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="setting.showSignupLink">false</Item>
    <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
    <Item Key="setting.operatingMode">Email</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
    <Item Key="setting.forgotPasswordLinkOverride">ForgotPasswordExchange</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" DefaultValue="{OIDC:LoginHint}" AlwaysUseDefaultValue="true" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
    <OutputClaim ClaimTypeReferenceId="email" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <!-- Check user migration on REST API -->
    <ValidationTechnicalProfile ReferenceId="UserMigrationViaLegacyIdp" ContinueOnError="false" />
    <!-- Initiate a normal logon against Azure AD B2C -->
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

The REST API endpoint is working fine and the client ID is already received by the endpoint, but when the flow steps into login-NonInteractive it returns an error.

When I try to remove the {OIDC:ClientId}, the user can log in again without any error.

Please help me with this.

Thank you.
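To make the REST side of this flow concrete, here is an added example (not the asker's code) of what the CheckUserMigration endpoint receives and must return, given the profile above: the policy key arrives in the x-api-key header, the three input claims arrive as a JSON body under the keys email, password and client_id, and errors go back as HTTP 409 in the version/status/userMessage shape B2C renders on the sign-in page. The API key, the client-id-to-database map and the legacy_sign_in_and_migrate helper are constructed placeholders.

```python
import hmac
import json

# Constructed values for this example. In a real deployment the API key is the
# B2C_1A_RestApiKey policy key and the client-id map comes from configuration.
API_KEY = "example-api-key-not-real"
CLIENT_ID_TO_DB = {
    "11111111-1111-1111-1111-111111111111": "tenant_a_legacy_db",
    "22222222-2222-2222-2222-222222222222": "tenant_b_legacy_db",
}


def b2c_error(message: str) -> tuple[int, dict]:
    # Error shape a RESTful technical profile expects: HTTP 409 with
    # version/status/userMessage; userMessage is shown on the sign-in page.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def legacy_sign_in_and_migrate(db: str, email: str, password: str) -> bool:
    # Stand-in for the legacy IdP password check and user migration
    # (hypothetical helper over constructed data).
    return (db, email, password) == ("tenant_a_legacy_db", "alice@example.com", "correct-horse")


def check_user_migration(headers: dict, body: str) -> tuple[int, dict]:
    """Handle the CheckUserMigration call made by UserMigrationViaLegacyIdp.
    AuthenticationType=ApiKeyHeader with a key named x-api-key means B2C sends
    the policy key in the x-api-key header; SendClaimsIn=Body means the input
    claims arrive as JSON under their partner names: email, password, client_id.
    """
    supplied = headers.get("x-api-key", "")
    # Constant-time comparison so the key check does not leak timing information.
    if not hmac.compare_digest(supplied.encode(), API_KEY.encode()):
        return 401, {}
    try:
        claims = json.loads(body)
    except json.JSONDecodeError:
        return b2c_error("Malformed request.")
    email, password = claims.get("email"), claims.get("password")
    client_id = claims.get("client_id")
    if not email or not password or not client_id:
        return b2c_error("Missing sign-in details.")
    # client_id selects which legacy database the user is validated against;
    # a client id that maps to no database is rejected rather than defaulted.
    legacy_db = CLIENT_ID_TO_DB.get(client_id)
    if legacy_db is None:
        return b2c_error("This application is not allowed to sign in here.")
    if not legacy_sign_in_and_migrate(legacy_db, email, password):
        return b2c_error("Invalid username or password.")
    # Success: return only the output claim the technical profile declares.
    return 200, {"isMigrationSuccessChecked": "true"}
```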

Answer 1

Score: 1


You’re overwriting clientId and breaking the one set for login-noninteractive.

Try

<InputClaim ClaimTypeReferenceId="api_client_id" PartnerClaimType="client_id" DefaultValue="{OIDC:ClientId}" />
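An added note to this answer (not the answerer's code): the renamed claim also has to exist in the policy's ClaimsSchema, otherwise the policy upload is rejected for an unknown claim type. The declaration and the rewritten input claim together, assuming the same names as the answer and a placement in the extension policy:

```xml
<!-- Inside <BuildingBlocks><ClaimsSchema> of the extension policy -->
<ClaimType Id="api_client_id">
  <DisplayName>Client id forwarded to the migration API</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- Inside <InputClaims> of the UserMigrationViaLegacyIdp technical profile.
     The value is kept in the claims bag as api_client_id but is sent to the
     REST API under the JSON key client_id (PartnerClaimType), so the B2C
     claim named client_id that login-NonInteractive relies on is not touched. -->
<InputClaim ClaimTypeReferenceId="api_client_id" PartnerClaimType="client_id" DefaultValue="{OIDC:ClientId}" />
```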

huangapple
  • Posted on 2023-01-09 11:15:03
  • Please keep this link when reposting: https://go.coder-hub.com/75052873.html