Azure AD B2C: Claim with id 'AlternativeSecurityId' was not found in the collection - SubJourney custom policy
I am getting an error on step 2 of the sub journey:
<SubJourney Id="CreativeFieldSignupSignin" Type="Transfer">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="CreativeField" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="CreativeField" TechnicalProfileReferenceId="OIDC-CreativeField" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Attempt to find the user account in the B2C directory. -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadUsingAlternativeSecurityId" TechnicalProfileReferenceId="AAD-UserReadUsingAlternativeSecurityId-NoError" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Any later steps are not shown in the post. -->
  </OrchestrationSteps>
</SubJourney>
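When I run the same orchestration steps in a user journey (rather than a sub journey), they run without error. Is there some limitation that prevents sub journeys from accessing claims?
We are using the base AAD-UserReadUsingAlternativeSecurityId-NoError technical profile, which references the base AAD-UserReadUsingAlternativeSecurityId technical profile. I think the line causing the error is: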
<InputClaim ClaimTypeReferenceId="AlternativeSecurityId" PartnerClaimType="alternativeSecurityId" Required="true" />
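I don't understand why our provider would return an empty claim in the sub journey but not in the normal user journey. The same technical profile, "OIDC-CreativeField", is used in each.
Here is the OIDC-CreativeField profile: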
<TechnicalProfile Id="OIDC-CreativeField">
  <DisplayName>Test AAD</DisplayName>
  <Description>Test AAD</Description>
  <Protocol Name="OpenIdConnect"/>
  <Metadata>
    <Item Key="METADATA">https://login.microsoftonline.com/[tenant].onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
    <Item Key="client_id">[client id]</Item>
    <Item Key="response_types">code</Item>
    <Item Key="scope">openid profile</Item>
    <Item Key="response_mode">form_post</Item>
    <Item Key="HttpBinding">POST</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret" StorageReferenceId="[secret reference id]"/>
  </CryptographicKeys>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid"/>
    <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid"/>
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
    <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
    <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
    <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
    <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
  </OutputClaimsTransformations>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin"/>
</TechnicalProfile>
We are using the base claims transformation CreateAlternativeSecurityId:
<ClaimsTransformation Id="CreateAlternativeSecurityId" TransformationMethod="CreateAlternativeSecurityId">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key" />
    <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="identityProvider" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />
  </OutputClaims>
</ClaimsTransformation>