ADB2C Read extension properties using SignInWithMagicLink Custom Policy

Question

I am using the Custom Policy for signing in with SignInWithMagicLink here:
https://github.com/azure-ad-b2c/samples/blob/master/policies/sign-in-with-magic-link/policy/SignInWithMagicLink.xml

I have extension properties defined in ADB2C, however I am unable to read them using the above custom policy. It makes use of the AAD-UserReadUsingEmailAddress Technical Profile to read the claims. I have added my extension property as an output claim, but the value is not being read.
Can anybody figure out why this is not working?

I have added the output claim for the extension property here:

    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
          <Metadata>
            <!--Sample: don't raise error if user not found. We have an orchestration step to handle the error message-->
            <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
            <Item Key="client_id">...</Item>
          </Metadata>
          <OutputClaims>
            <!--Sample: add optional claims to read from the directory-->
            <OutputClaim ClaimTypeReferenceId="givenName"/>
            <OutputClaim ClaimTypeReferenceId="surname"/>
            <OutputClaim ClaimTypeReferenceId="extension_crmid" />
          </OutputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>

Answer 1

Score: 1

Ok, after some digging I found that the clientId I was sending to AAD-UserReadUsingEmailAddress was incorrect.

To be able to make extension attributes available to Technical Profiles like UserReadUsingEmailAddress and AAD-UserReadUsingObjectId, we have to specify the ClientId and ObjectId of the b2c-extensions-app found under App Registrations > All Applications.

So, I removed client_id from the Metadata of AAD-UserReadUsingEmailAddress, and instead added it under the AAD-Common TechnicalProfile that is referenced by UserReadUsingEmailAddress and AAD-UserReadUsingObjectId:

    <TechnicalProfile Id="AAD-Common">
      <DisplayName>Azure Active Directory</DisplayName>
      <Metadata>
        <Item Key="ApplicationObjectId">b2c-extensions-app object id</Item>
        <Item Key="ClientId">b2c-extensions-app client id</Item>
      </Metadata>
    </TechnicalProfile>

This information is provided below:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-create-custom-attributes-profile-edit-custom
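The answer above boils down to a wiring rule: the profile that reads the directory must include AAD-Common, AAD-Common must carry the b2c-extensions-app ApplicationObjectId and ClientId, and the reading profile must not carry its own client_id. The following is an added example, not code from the azure-ad-b2c/samples repository or from the answerer: a small Python lint that parses a B2C custom policy and reports deviations from that rule, plus a check that every extension_* output claim is declared in the ClaimsSchema. It assumes the starter-pack layout in which the reading profile carries `<IncludeTechnicalProfile ReferenceId="AAD-Common" />`; the two policies built at the bottom are constructed minimal samples and the GUIDs are placeholders.

```python
"""
Added example (not the sample repo's code): lint a B2C custom policy for the
extension-attribute misconfiguration discussed in this thread.  The policies
built by sample_policy() are constructed minimal skeletons; GUIDs are placeholders.
"""
import xml.etree.ElementTree as ET

# TrustFrameworkPolicy namespace used by every B2C custom policy file.
NS = {"cpim": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
COMMON_PROFILE = "AAD-Common"
REQUIRED_COMMON_KEYS = ("ApplicationObjectId", "ClientId")


def _metadata(tp):
    """Return a technical profile's <Metadata> items as a {Key: value} dict."""
    return {item.get("Key"): (item.text or "").strip()
            for item in tp.findall("cpim:Metadata/cpim:Item", NS)}


def lint_extension_attributes(policy_xml):
    """Return a list of findings; an empty list means the policy is wired the way
    the accepted answer describes."""
    root = ET.fromstring(policy_xml)
    findings = []

    # Every claim referenced by an OutputClaim must exist in the ClaimsSchema.
    declared = {ct.get("Id") for ct in root.findall(".//cpim:ClaimsSchema/cpim:ClaimType", NS)}
    profiles = {tp.get("Id"): tp for tp in root.iter("{%s}TechnicalProfile" % NS["cpim"])}

    # 1. AAD-Common must carry the b2c-extensions-app ObjectId and ClientId.
    common = profiles.get(COMMON_PROFILE)
    common_meta = _metadata(common) if common is not None else {}
    for key in REQUIRED_COMMON_KEYS:
        if not common_meta.get(key):
            findings.append(f"{COMMON_PROFILE}: Metadata Item '{key}' is missing or empty")

    # 2. Each profile that reads extension_* claims must include AAD-Common,
    #    must not set its own client_id, and must only reference declared claims.
    for tp_id, tp in profiles.items():
        if tp_id == COMMON_PROFILE:
            continue
        ext_claims = [oc.get("ClaimTypeReferenceId")
                      for oc in tp.findall("cpim:OutputClaims/cpim:OutputClaim", NS)
                      if (oc.get("ClaimTypeReferenceId") or "").startswith("extension_")]
        if not ext_claims:
            continue
        for claim in ext_claims:
            if claim not in declared:
                findings.append(f"{tp_id}: output claim '{claim}' is not declared in ClaimsSchema")
        includes = {inc.get("ReferenceId")
                    for inc in tp.findall("cpim:IncludeTechnicalProfile", NS)}
        if COMMON_PROFILE not in includes:
            findings.append(f"{tp_id}: reads extension claims but does not include {COMMON_PROFILE}")
        if "client_id" in _metadata(tp):
            findings.append(f"{tp_id}: has its own 'client_id'; move the b2c-extensions-app ids to {COMMON_PROFILE}")
    return findings


def sample_policy(common_metadata, read_metadata):
    """Constructed minimal policy skeleton (not a real tenant's policy)."""
    return f"""<TrustFrameworkPolicy xmlns="{NS['cpim']}" PolicySchemaVersion="0.3.0.0"
  TenantId="contoso.onmicrosoft.com" PolicyId="B2C_1A_Example"
  PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_Example">
  <BuildingBlocks>
    <ClaimsSchema>
      <ClaimType Id="extension_crmid"><DisplayName>CRM id</DisplayName><DataType>string</DataType></ClaimType>
    </ClaimsSchema>
  </BuildingBlocks>
  <ClaimsProviders><ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="AAD-Common"><Metadata>{common_metadata}</Metadata></TechnicalProfile>
      <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
        <Metadata>{read_metadata}</Metadata>
        <OutputClaims><OutputClaim ClaimTypeReferenceId="extension_crmid" /></OutputClaims>
        <IncludeTechnicalProfile ReferenceId="AAD-Common" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""


# The question's layout: client_id on the reading profile, nothing on AAD-Common.
BROKEN_POLICY = sample_policy(
    "", '<Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>')
# The answer's layout: placeholder b2c-extensions-app ids on AAD-Common only.
FIXED_POLICY = sample_policy(
    '<Item Key="ApplicationObjectId">11111111-1111-1111-1111-111111111111</Item>'
    '<Item Key="ClientId">22222222-2222-2222-2222-222222222222</Item>', "")

if __name__ == "__main__":
    for name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        print(name, lint_extension_attributes(policy) or "OK")
```

Run against the broken layout the lint reports three findings (the two missing AAD-Common items and the stray client_id); against the fixed layout it reports none. Pointing `lint_extension_attributes` at a real TrustFrameworkExtensions.xml is a cheap pre-upload check, since a wrong application id silently yields empty extension claims rather than an error.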

huangapple
  • Posted on 2023-07-28 02:17:29
  • Please keep this link when reposting: https://go.coder-hub.com/76782462.html