Azure ad b2c 使用验证技术配置文件停止正在运行的函数
我想允许用户选择他们的密码,但前提是没有设置扩展属性 用户旅程调用“LocalAccountWritePasswordUsingObjectId” 这看起来像:Azure ad b2c 使用验证技术配置文件停止正在运行的函数,azure-ad-b2c,Azure Ad B2c,我想允许用户选择他们的密码,但前提是没有设置扩展属性 用户旅程调用“LocalAccountWritePasswordUsingObjectId” 这看起来像: <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId"> <DisplayName>Change password (username)</DisplayName>
<TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
<DisplayName>Change password (username)</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">This user has already been added.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" ContinueOnError="false" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserWritePasswordUsingObjectId">
<Metadata>
<Item Key="Operation">Write</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" Required="true" />
</InputClaims>
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
<PersistedClaim ClaimTypeReferenceId="objectId" />
<PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
</PersistedClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="EnsureFlagIsTrue" />
</OutputClaimsTransformations>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
更改密码(用户名)
api.localaccountpasswordreset
已添加此用户。
这定义了一条错误消息(“此用户已被添加”),其验证TP为“AAD UserWritePasswordUsingObjectId”
这看起来像:
<TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
<DisplayName>Change password (username)</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">This user has already been added.</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
<OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" ContinueOnError="false" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
<TechnicalProfile Id="AAD-UserWritePasswordUsingObjectId">
<Metadata>
<Item Key="Operation">Write</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" Required="true" />
</InputClaims>
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
<PersistedClaim ClaimTypeReferenceId="objectId" />
<PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
</PersistedClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="EnsureFlagIsTrue" />
</OutputClaimsTransformations>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
写
真的
假的
这有一个OutputClaimTransformation,用于检查扩展属性是否为true
问题在于,当标志为true时,密码重置屏幕上会显示错误消息,但密码仍会更新
如何显示消息并停止密码更新
更新
根据答案,我现在有:
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="ClaimsTransformations-EnsureFlagIsTrue" ContinueOnError="false"/>
<ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" ContinueOnError="false" />
</ValidationTechnicalProfiles>
添加了索赔格式TP
错误消息仍会显示,但密码仍会更改
检查使用TransformationMethod=“AssertBooleanClaimiSequalValue”,如上所述,错误消息使用“UserMessageIfClaimsFormation BooleanValueIsNoteQual”
我假设这是一个阻止“AAD UserWritePasswordUsingObjectId”的错误从运行开始?LocalAccountWritePasswordUsingObjectId技术配置文件可以在调用AAD UserWritePasswordUsingObjectId技术配置文件之前调用EnsureRefleFlagistrue声明转换作为验证技术配置文件:
您必须确保自断言的技术配置文件可以调用声明转换作为验证技术配置文件。您是否能够解决此问题?我们面临着一个类似的问题,
ContinueOnError
似乎被忽略了