Azure Active Directory: Azure AD B2C - custom policy - error connecting to identity provider
Tags: azure-active-directory, azure-ad-b2c

I have been trying to add a custom policy for Azure AD B2C that connects to Autodesk Forge, following these steps. I modified the Facebook ClaimsProvider with the following values:

autodesk.com
AutodeskForge
Forge
https://developer.api.autodesk.com/authentication/v1/authorize
https://developer.api.autodesk.com/authentication/v1/gettoken
https://developer.api.autodesk.com/userprofile/v1/users/@me
AutodeskForge
POST
0
json
json
and in the user journey I replaced the claims provider id, changing Facebook-OAUTH to FORGE_OAUTH.

When I run it, it does redirect correctly to the Autodesk Forge authorize endpoint, but it fails when trying to connect to the identity provider and returns the following error:
AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.
Correlation ID: 188d934d-f1f0-48c5-98c4-917b032b94d2
Timestamp: 2019-11-29 10:54:49Z
I am not very experienced with AAD B2C, but it seems I am just missing a step somewhere.

After adding Application Insights, the trace log outputs the following:
[
{
"Kind": "Headers",
"Content": {
"UserJourneyRecorderEndpoint": "urn:journeyrecorder:applicationinsights",
"CorrelationId": "99e13295-a206-449c-b011-a33422112b29",
"EventInstance": "Event:ClaimsExchange",
"TenantId": "alvarob2c.onmicrosoft.com",
"PolicyId": "B2C_1A_signup_signin"
}
},
{
"Kind": "Transition",
"Content": {
"EventName": "ClaimsExchange",
"StateName": "Initial"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.ClaimsExchangeMessageValidationHandler"
},
{
"Kind": "Transition",
"Content": {
"EventName": "ClaimsExchange",
"StateName": "Microsoft.Cpim.Protocols.PartnerProtocolException"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsPartnerErrorReachesMaximumRetriesHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"Statebag": {
"MACHSTATE": {
"c": "2019-11-29T11:07:31.6899756Z",
"k": "MACHSTATE",
"v": "Microsoft.Cpim.Protocols.PartnerProtocolException",
"p": true
},
"JC": {
"c": "2019-11-29T11:07:27.797697Z",
"k": "JC",
"v": "en-US",
"p": true
},
"ORCH_CS": {
"c": "2019-11-29T11:07:27.953952Z",
"k": "ORCH_CS",
"v": "2",
"p": true
},
"ORCH_IDX": {
"c": "2019-11-29T11:07:27.953952Z",
"k": "ORCH_IDX",
"v": "0",
"p": true
},
"RA": {
"c": "2019-11-29T11:07:27.953952Z",
"k": "RA",
"v": "0",
"p": true
},
"RPP": {
"c": "2019-11-29T11:07:27.797697Z",
"k": "RPP",
"v": "OAUTH2",
"p": true
},
"RPIPP": {
"c": "2019-11-29T11:07:27.797697Z",
"k": "RPIPP",
"v": "OAuth2ProtocolProvider",
"p": true
},
"OTID": {
"c": "2019-11-29T11:07:27.797697Z",
"k": "OTID",
"v": "alvarob2c.onmicrosoft.com",
"p": true
},
"IC": {
"c": "2019-11-29T11:07:27.9383272Z",
"k": "IC",
"v": "True",
"p": true
},
"MSG(283863a3-02dd-4c87-b4ae-2500a398fed4)": {
"c": "2019-11-29T11:07:27.9383272Z",
"k": "MSG(283863a3-02dd-4c87-b4ae-2500a398fed4)",
"v": "{\"TenantId\":\"alvarob2c.onmicrosoft.com\",\"PolicyId\":\"B2C_1A_signup_signin\",\"RedirectUri\":\"https://jwt.ms/\",\"AdditionalParameters\":{\"p\":\"B2C_1A_signup_signin\"},\"Nonce\":\"defaultNonce\",\"ClientId\":\"4b03fe96-24d9-40b5-b01d-c45b95422b31\",\"ResponseType\":\"id_token\",\"ResponseRedirector\":{\"URI\":\"https://jwt.ms\",\"D\":false,\"WF\":true,\"R\":false},\"Scope\":\"openid\",\"AppModelVersion\":1,\"ScopedProviders\":[]}",
"p": true,
"t": "OAuth2"
},
"IMESSAGE": {
"c": "2019-11-29T11:07:27.9383272Z",
"k": "IMESSAGE",
"v": "283863a3-02dd-4c87-b4ae-2500a398fed4",
"p": true
},
"TAGE": {
"c": "2019-11-29T11:07:31.5024363Z",
"k": "TAGE",
"v": "ForgeExchange",
"p": true
},
"SE": {
"c": "2019-11-29T11:07:27.953952Z",
"k": "SE",
"v": "Social",
"p": true
},
"CMESSAGE": {
"c": "2019-11-29T11:07:31.3461838Z",
"k": "CMESSAGE",
"v": "283863a3-02dd-4c87-b4ae-2500a398fed4",
"p": true
},
"ComplexItems": "_MachineEventQ, REPRM, TCTX, M_EXCP"
},
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsPartnerReauthenticateActionHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsPartnerClientInvalidActionHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.NoOpHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "True"
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.SSO.SSOSessionEndHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.SendErrorHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"RecorderRecord": {
"Values": [
{
"Key": "SendErrorTechnicalProfile",
"Value": "OAuth2ProtocolProvider"
},
{
"Key": "Exception",
"Value": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "We encountered an error connecting to the identity provider. Please try again later.",
"Data": {
"IsPolicySpecificError": false
}
}
}
]
},
"Statebag": {
"SE": {
"c": "2019-11-29T11:07:31.6899756Z",
"k": "SE",
"v": "",
"p": true
}
}
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.TransactionEndHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true
}
}
]
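The Application Insights trace above is hard to read by eye. The following Python script is an added example, not part of the question or of any answer: it pulls out the fields that locate the failure (tenant and policy from the Headers record, the state the journey transitioned into, the TAGE and RPIPP statebag entries, which the trace shows holding the claims exchange name and the protocol provider class, and the recorded exception). The sample trace inside it is constructed and shortened to the shape of the trace above, with tenant and ids replaced; the hint strings reflect the two root causes given in the answers on this page.

```python
import json

# Constructed sample: a shortened trace in the shape of the Application Insights
# journey-recorder output shown in the question (tenant, ids and timestamps replaced).
SAMPLE_TRACE = json.dumps([
    {"Kind": "Headers", "Content": {
        "EventInstance": "Event:ClaimsExchange",
        "TenantId": "contoso.onmicrosoft.com",
        "PolicyId": "B2C_1A_signup_signin"}},
    {"Kind": "Transition", "Content": {"EventName": "ClaimsExchange", "StateName": "Initial"}},
    {"Kind": "Predicate", "Content": "Web.TPEngine.StateMachineHandlers.ClaimsExchangeMessageValidationHandler"},
    {"Kind": "Transition", "Content": {
        "EventName": "ClaimsExchange",
        "StateName": "Microsoft.Cpim.Protocols.PartnerProtocolException"}},
    {"Kind": "HandlerResult", "Content": {"Result": True, "Statebag": {
        "MACHSTATE": {"k": "MACHSTATE", "v": "Microsoft.Cpim.Protocols.PartnerProtocolException", "p": True},
        "RPP": {"k": "RPP", "v": "OAUTH2", "p": True},
        "RPIPP": {"k": "RPIPP", "v": "OAuth2ProtocolProvider", "p": True},
        "TAGE": {"k": "TAGE", "v": "ForgeExchange", "p": True},
        "ComplexItems": "_MachineEventQ, REPRM, TCTX, M_EXCP"},
        "PredicateResult": "False"}},
    {"Kind": "Action", "Content": "Web.TPEngine.StateMachineHandlers.SendErrorHandler"},
    {"Kind": "HandlerResult", "Content": {"Result": True, "RecorderRecord": {"Values": [
        {"Key": "SendErrorTechnicalProfile", "Value": "OAuth2ProtocolProvider"},
        {"Key": "Exception", "Value": {
            "Kind": "Handled", "HResult": "80131500",
            "Message": "We encountered an error connecting to the identity provider. Please try again later.",
            "Data": {"IsPolicySpecificError": False}}}]}}},
])


def _walk_statebags(entries):
    """Yield (key, value) pairs from every Statebag entry that carries a 'v' field."""
    for entry in entries:
        content = entry.get("Content")
        if entry.get("Kind") != "HandlerResult" or not isinstance(content, dict):
            continue
        for key, item in content.get("Statebag", {}).items():
            if isinstance(item, dict) and "v" in item:
                yield key, item["v"]


def summarize_trace(trace_text):
    """Reduce a journey-recorder trace (JSON text) to the handful of fields that locate a failure."""
    entries = json.loads(trace_text)
    summary = {"tenant": None, "policy": None, "failed_state": None,
               "claims_exchange": None, "protocol_provider": None,
               "exception_message": None, "hresult": None, "policy_specific": None}
    for entry in entries:
        kind, content = entry.get("Kind"), entry.get("Content")
        if kind == "Headers" and isinstance(content, dict):
            summary["tenant"] = content.get("TenantId")
            summary["policy"] = content.get("PolicyId")
        elif kind == "Transition" and isinstance(content, dict):
            state = content.get("StateName", "")
            if "Exception" in state:          # the state machine moved into an error state
                summary["failed_state"] = state
        elif kind == "HandlerResult" and isinstance(content, dict):
            for rec in content.get("RecorderRecord", {}).get("Values", []):
                if rec.get("Key") == "Exception" and isinstance(rec.get("Value"), dict):
                    exc = rec["Value"]
                    summary["exception_message"] = exc.get("Message")
                    summary["hresult"] = exc.get("HResult")
                    summary["policy_specific"] = exc.get("Data", {}).get("IsPolicySpecificError")
    for key, value in _walk_statebags(entries):
        if key == "TAGE":          # claims exchange id in the trace above ("ForgeExchange")
            summary["claims_exchange"] = value
        elif key == "RPIPP":       # protocol provider class ("OAuth2ProtocolProvider")
            summary["protocol_provider"] = value
    return summary


def diagnose(summary):
    """Turn the summary into plain-language hints; the hints mirror the answers on this page."""
    hints = []
    failed = summary["failed_state"] or ""
    if failed.endswith("PartnerProtocolException"):
        hints.append(f"Claims exchange '{summary['claims_exchange']}' failed inside the round-trip to the "
                     f"external IdP ({summary['protocol_provider']}); the user-facing text is generic.")
        if summary["protocol_provider"] == "OAuth2ProtocolProvider":
            hints.append("Check the OAuth2 technical profile: the token endpoint may require HttpBinding POST, "
                         "and the client_id must be registered at the IdP for B2C's redirect URI.")
    return hints


if __name__ == "__main__":
    result = summarize_trace(SAMPLE_TRACE)
    for key, value in result.items():
        print(f"{key:18} {value}")
    for hint in diagnose(result):
        print("hint:", hint)
```

Feed it the full trace exported from Application Insights instead of SAMPLE_TRACE; the statebag keys and record shapes are the same as in the trace above.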
I also got this error because the client ID I was passing to the identity provider was not authorized for the redirect URI I was sending to it. I had copied a custom policy and kept the original policy's client ID, which in the IdP was authorized to redirect only to the original policy.

I had the same error/symptoms with a different IdP, but my root cause was different. In my case my B2C policy was sending the token request using GET instead of POST, and the IdP server only supported POST. To correct this I had to set the following in the Metadata section of the OAuth2 technical profile:
<Item Key="HttpBinding">POST</Item>

You should try setting up Application Insights logging. You will see the exact error then.

Thanks for the comment, I actually implemented Insights but failed to understand the output. I will update the question with the Insights results.

Did you solve this? Could you share the solution?

I'm afraid not, I ended up using a simpler approach, but it is something I would like to come back to eventually.
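Both answers point at the OAuth2 technical profile and at what the IdP side must have registered. The following Python script is an added example, not from the question or the answers: it parses a TrustFrameworkPolicy file, finds every OAuth2 technical profile, flags a missing or GET HttpBinding (the second answer's root cause), checks that the endpoint and client_id items are present, and derives the redirect URI the IdP must have authorized for that client_id (the first answer's root cause), using the documented b2clogin.com form https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp, with the policy name inserted when UsePolicyInRedirectUri is enabled. The policy fragment, tenant name, profile id, endpoints and client id in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace used by B2C TrustFrameworkPolicy files.
NS = {"cpim": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample: a minimal extensions-style policy with one OAuth2 technical
# profile, deliberately left on GET to show the finding. Names are placeholders.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com"
    PolicyId="B2C_1A_TrustFrameworkExtensions"
    PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
  <ClaimsProviders>
    <ClaimsProvider>
      <Domain>example-idp.test</Domain>
      <DisplayName>ExampleIdP</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="EXAMPLE_OAUTH">
          <DisplayName>Example IdP</DisplayName>
          <Protocol Name="OAuth2" />
          <Metadata>
            <Item Key="ProviderName">ExampleIdP</Item>
            <Item Key="authorization_endpoint">https://idp.example.test/authorize</Item>
            <Item Key="AccessTokenEndpoint">https://idp.example.test/token</Item>
            <Item Key="ClaimsEndpoint">https://idp.example.test/userinfo</Item>
            <Item Key="HttpBinding">GET</Item>
            <Item Key="UsePolicyInRedirectUri">0</Item>
            <Item Key="AccessTokenResponseFormat">json</Item>
            <Item Key="client_id">PLACEHOLDER-CLIENT-ID</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
</TrustFrameworkPolicy>
"""

REQUIRED_ITEMS = ("authorization_endpoint", "AccessTokenEndpoint", "ClaimsEndpoint", "client_id")


def expected_redirect_uri(tenant_id, policy_id, use_policy_in_uri):
    """Redirect URI B2C presents to the IdP; the IdP must have it registered for the client_id."""
    tenant_name = tenant_id.split(".")[0]
    base = f"https://{tenant_name}.b2clogin.com/{tenant_id}"
    if use_policy_in_uri:
        return f"{base}/{policy_id}/oauth2/authresp"
    return f"{base}/oauth2/authresp"


def lint_oauth2_profiles(policy_xml, policy_id_for_redirect=None):
    """Return one finding dict per OAuth2 technical profile in the policy."""
    root = ET.fromstring(policy_xml)
    tenant_id = root.get("TenantId")
    # The redirect URI carries the relying-party policy that runs the journey, which may
    # differ from the file being linted; allow the caller to pass it explicitly.
    policy_id = policy_id_for_redirect or root.get("PolicyId")
    findings = []
    for tp in root.iterfind(".//cpim:TechnicalProfile", NS):
        proto = tp.find("cpim:Protocol", NS)
        if proto is None or proto.get("Name") != "OAuth2":
            continue
        meta = {item.get("Key"): (item.text or "").strip()
                for item in tp.iterfind("cpim:Metadata/cpim:Item", NS)}
        finding = {"profile": tp.get("Id"), "issues": [], "redirect_uri": None}
        for key in REQUIRED_ITEMS:
            if not meta.get(key):
                finding["issues"].append(f"missing Metadata Item {key}")
        binding = meta.get("HttpBinding")
        if binding is None:
            finding["issues"].append("HttpBinding not set; set it to POST if the IdP rejects GET token requests")
        elif binding.upper() != "POST":
            finding["issues"].append(f"HttpBinding is {binding}; the token request is sent with {binding}, "
                                     "set POST if the IdP only accepts POST")
        use_policy = meta.get("UsePolicyInRedirectUri", "0").lower() in ("1", "true")
        finding["redirect_uri"] = expected_redirect_uri(tenant_id, policy_id, use_policy)
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in lint_oauth2_profiles(SAMPLE_POLICY, policy_id_for_redirect="B2C_1A_signup_signin"):
        print(f["profile"], "-> IdP must allow redirect URI:", f["redirect_uri"])
        for issue in f["issues"]:
            print("  issue:", issue)
```

Run it against your own extensions file and the relying-party policy name, then compare the printed redirect URI with what is registered for the client_id at the IdP; a mismatch there produces the same generic AADB2C90289 error as the wrong HTTP binding does.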