How to return a GUID in token from Azure AD B2C?

Question


I want to generate a GUID from an Azure AD B2C custom policy every time the user logs in or signs up and return the same every time. I have seen in the Microsoft documentation that we can use a ClaimTransformer to generate a GUID, but I am not sure where to use the ClaimTransformer. Is it possible to add the GUID generation as an OrchestrationStep?
[NB: I'm new to AD B2C]

Answer 1

Score: 1


I'm not sure why you just wouldn't use the object ID for the user as this GUID? If you need to know if this was an already established session you could use the claim objectIdFromSession - referenced in the SSO docs.

I might be missing the context, but these are the elements you would need.

A new claim type to hold the GUID - Claim type doc

<ClaimType Id="continuityGuid">
  <DisplayName>User's Continuity </DisplayName>
  <DataType>string</DataType>
  <AdminHelpText>Continuity GUID for the user.</AdminHelpText>
  <UserHelpText>Continuity GUID for the user.</UserHelpText>
</ClaimType>

A claims transformation for creating the GUID - Claims Transformation doc

<ClaimsTransformation Id="CP-CreateGuid" TransformationMethod="CreateRandomString">
  <InputParameters>
    <InputParameter Id="randomGeneratorType" DataType="string" Value="GUID" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="continuityGuid" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

A technical profile to execute the claims transformation - Claims transformation protocol provider doc

<TechnicalProfile Id="Initialise-NewGuid">
  <DisplayName>Create a new guid for the user</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>    
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="continuityGuid" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CP-CreateGuid"/>
  </OutputClaimsTransformations>
</TechnicalProfile>

Add the orchestration step... this will be up to you where is best to place it... perhaps just before the final step - Orchestration steps doc

<OrchestrationStep Order="4" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid"/>
  </ClaimsExchanges>
</OrchestrationStep>

Output the GUID in the relying party section - Relying party doc

<OutputClaim ClaimTypeReferenceId="continuityGuid" />
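The five elements in this answer only work if each reference resolves to the Id it names (relying party output claim to claim type, technical profile to claims transformation, orchestration step to technical profile). The following is an added example, not part of the original answer or of any Microsoft tooling: a small checker for that reference chain. The `SAMPLE` document, the `<Policy>` wrapper and the function names are constructed for illustration, and it assumes every referenced element is defined in the same file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's fragments wrapped in one hypothetical root.
# A real policy spreads them across sections and declares an XML namespace.
SAMPLE = """<Policy>
  <ClaimType Id="continuityGuid"><DataType>string</DataType></ClaimType>
  <ClaimsTransformation Id="CP-CreateGuid" TransformationMethod="CreateRandomString">
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="continuityGuid" TransformationClaimType="outputClaim" />
    </OutputClaims>
  </ClaimsTransformation>
  <TechnicalProfile Id="Initialise-NewGuid">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="continuityGuid" /></OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="CP-CreateGuid" />
    </OutputClaimsTransformations>
  </TechnicalProfile>
  <OrchestrationStep Order="4" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="Generate-NewGuid" TechnicalProfileReferenceId="Initialise-NewGuid" />
    </ClaimsExchanges>
  </OrchestrationStep>
  <RelyingParty><OutputClaim ClaimTypeReferenceId="continuityGuid" /></RelyingParty>
</Policy>"""

def local(tag):
    """Element name without any '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]

def check_references(policy_xml):
    """Return a list of references that do not resolve to a defined Id."""
    root = ET.fromstring(policy_xml)
    defined = {}  # element name -> set of Ids defined in the document
    for el in root.iter():
        if "Id" in el.attrib:
            defined.setdefault(local(el.tag), set()).add(el.attrib["Id"])
    # (referencing element, attribute, element type it must resolve to)
    rules = [
        ("OutputClaim", "ClaimTypeReferenceId", "ClaimType"),
        ("OutputClaimsTransformation", "ReferenceId", "ClaimsTransformation"),
        ("ClaimsExchange", "TechnicalProfileReferenceId", "TechnicalProfile"),
    ]
    problems = []
    for el in root.iter():
        for name, attr, target in rules:
            ref = el.attrib.get(attr)
            if local(el.tag) == name and ref and ref not in defined.get(target, set()):
                problems.append(f"{name} {attr}={ref!r}: no {target} with that Id")
    return problems
```

`check_references(SAMPLE)` returns an empty list; a mistyped Id anywhere in the chain comes back as one entry naming the unresolved reference.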

Posted by huangapple on August 9, 2023 at 14:27:03