How to return a GUID in token from Azure AD B2C?

Question

I want to generate a GUID from an Azure AD B2C custom policy every time the user logs in or signs up and return the same every time. I have seen in the Microsoft documentation that we can use a ClaimTransformer to generate a GUID, but I am not sure where to use the ClaimTransformer. Is it possible to add the GUID generation as an OrchestrationStep?
[NB: I'm new to AD B2C]

Answer 1

Score: 1

I'm not sure why you just wouldn't use the object ID for the user as this GUID? If you need to know if this was an already established session you could use the claim objectIdFromSession - referenced in the SSO docs

I might be missing the context, but these are the elements you would need.

A new claim type to hold the GUID - Claim type doc

<ClaimType Id="continuityGuid">
  <DisplayName>User's Continuity </DisplayName>
  <DataType>string</DataType>
  <AdminHelpText>Continuity GUID for the user.</AdminHelpText>
  <UserHelpText>Continuity GUID for the user.</UserHelpText>
</ClaimType>

A claims transformation for creating the GUID - Claims Transformation doc

<ClaimsTransformation Id="CP-CreateGuid" TransformationMethod="CreateRandomString">
  <InputParameters>
    <InputParameter Id="randomGeneratorType" DataType="string" Value="GUID" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="continuityGuid" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

A technical profile to execute the claims transformation - Claims transformation protocol provider doc

<TechnicalProfile Id="Initialise-NewGuid">
  <DisplayName>Create a new guid for the user</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="continuityGuid" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CP-CreateGuid"/>
  </OutputClaimsTransformations>
</TechnicalProfile>

Add the orchestration step... this will be up to you where is best to place it... perhaps just before the final step - Orchestration steps doc

<OrchestrationStep Order="4" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid"/>
  </ClaimsExchanges>
</OrchestrationStep>

Output the GUID in the relying party section - Relying party doc

<OutputClaim ClaimTypeReferenceId="continuityGuid" />
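
The CreateRandomString transformation produces a fresh random GUID on every policy run, so the token only carries the same value at each sign-in if that value is stored on the user object and read back. The following is an added example, not part of the answer above, of one way to do that; it assumes the starter pack's AAD-Common and AAD-UserReadUsingObjectId profiles and a custom attribute registered as extension_continuityGuid, and the profile Id AAD-WriteContinuityGuid, the exchange Id Persist-ContinuityGuid and the Order values are hypothetical.

```xml
<!-- Added example. Assumes AAD-Common carries the b2c-extensions-app ClientId and
     ApplicationObjectId metadata so that extension_* attributes resolve. -->

<!-- 1. In the existing directory-read profile (AAD-UserReadUsingObjectId in the
        starter pack), also read the stored value into the answer's claim type. -->
<OutputClaim ClaimTypeReferenceId="continuityGuid" PartnerClaimType="extension_continuityGuid" />

<!-- 2. Run the answer's GUID step only when the read returned no value. -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>continuityGuid</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- 3. Write the value to the user object. On later sign-ins this rewrites the
        value that was just read, so the stored GUID never changes. -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="Persist-ContinuityGuid" TechnicalProfileReferenceId="AAD-WriteContinuityGuid" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Hypothetical write profile, modelled on the starter pack's object-ID write profiles. -->
<TechnicalProfile Id="AAD-WriteContinuityGuid">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <PersistedClaim ClaimTypeReferenceId="objectId" />
    <PersistedClaim ClaimTypeReferenceId="continuityGuid" PartnerClaimType="extension_continuityGuid" />
  </PersistedClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
```

The read in step 1 has to run in an orchestration step before the precondition is evaluated, and the Order values of the surrounding steps need renumbering to stay sequential.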

huangapple
  • Published on August 9, 2023 at 14:27:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76865102-2.html