Azure ad b2c 内置登录用户流返回“;您的密码不正确。”;内置策略是否与自定义注册策略配合使用?
我已经设置了Azure AD B2C应用程序,并创建了列出的必要IdentityFramworks应用程序 当使用内置用户流登录时,我收到“您的密码不正确”,但它是100%正确的密码。 我使用初学者包创建了一个自定义注册策略。 步骤1:Azure ad b2c 内置登录用户流返回“;您的密码不正确。”;内置策略是否与自定义注册策略配合使用?,azure-ad-b2c,Azure Ad B2c,我已经设置了Azure AD B2C应用程序,并创建了列出的必要IdentityFramworks应用程序 当使用内置用户流登录时,我收到“您的密码不正确”,但它是100%正确的密码。 我使用初学者包创建了一个自定义注册策略。 步骤1: 用户ID注册 该用户名已被使用,请选择其他用户名。 访问号码或电子邮件不正确。 IP地址 api.localaccountsignup 用户名 真的 继续 步骤2: <TechnicalProfile Id="LocalAccountSignUpWi
用户ID注册
该用户名已被使用,请选择其他用户名。
访问号码或电子邮件不正确。
IP地址
api.localaccountsignup
用户名
真的
继续
<TechnicalProfile Id="LocalAccountSignUpWithLogonNameStep2">
<DisplayName>User ID signup</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="IpAddressClaimReferenceId">IpAddress</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
<Item Key="LocalAccountType">Username</Item>
<Item Key="LocalAccountProfile">true</Item>
<Item Key="language.button_continue">Create</Item>
</Metadata>
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_city" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_address" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_province" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_postalCode" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_psc" Required="false"/>
<OutputClaim ClaimTypeReferenceId="extension_rsc" Required="false"/>
<OutputClaim ClaimTypeReferenceId="extension_altContact" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_altRelation" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_altConPhone" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_sciLevel" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_dateOfOnset" Required="true"/>
<OutputClaim ClaimTypeReferenceId="extension_termsOfUse" Required="true"/>
<OutputClaim ClaimTypeReferenceId="objectId" Required="true" />
<OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="newUser" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="signup-NonInteractive" />
<ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonName" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
用户ID注册
IP地址
api.localaccountsignup
用户名
真的
创造
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Username">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="SignUpTarget">SignUpWithLogonUsernameExchange</Item>
<Item Key="setting.operatingMode">Username</Item>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
<Item Key="setting.showSignupLink">False</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
<OutputClaim ClaimTypeReferenceId="password" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
本地帐户登录
使用LogonUserNameExchange注册
用户名
api.Self断言
假的
假的
<TechnicalProfile Id="login-NonInteractive">
<DisplayName>Local Account SignIn</DisplayName>
<Protocol Name="OpenIdConnect" />
<Metadata>
<Item Key="client_id">530a3472-...</Item>
<Item Key="IdTokenAudience">f134083a-...</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
<Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
<Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>
<Item Key="ProviderName">https://sts.windows.net/</Item>
<Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
<Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
<Item Key="response_types">id_token</Item>
<Item Key="response_mode">query</Item>
<Item Key="scope">username openid</Item>
<!-- Policy Engine Clients -->
<Item Key="UsePolicyInRedirectUri">false</Item>
<Item Key="HttpBinding">POST</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="client_id" DefaultValue="530a3472-..." />
<InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="f134083a-..." />
<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" DefaultValue="{OIDC:Username}" />
<InputClaim ClaimTypeReferenceId="password" Required="true" DefaultValue="{OIDC:Password}"/>
<InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" />
<InputClaim ClaimTypeReferenceId="scope" DefaultValue="openid" />
<InputClaim ClaimTypeReferenceId="nca" PartnerClaimType="nca" DefaultValue="1" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="upn" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
</TechnicalProfile>
本地帐户登录
530a3472-。。。
f134083a-。。。
我们似乎找不到你的帐户
您的密码不正确
看起来你使用了旧密码
https://sts.windows.net/
https://login.microsoftonline.com/{tenant}/.众所周知的/openid配置
https://login.microsoftonline.com/{tenant}/oauth2/token
身份证
查询
用户名openid
假的
邮递
我知道这篇文章很长,我非常感谢任何意见或帮助。提前感谢您查看您的自定义策略,在注册时,您收集密码的步骤与写入用户的步骤不同,这将导致帐户被禁用。然后导致您在登录时看到的错误。谢谢您的回复。我在哪里能找到那个环境?我在用户配置文件中没有看到它。请尝试使用powershell cmdlet“get-azureaduser”或graph api转储用户。同时查看您的自定义策略,如果注册时您在写入用户的不同步骤中收集密码,则会导致帐户被禁用。若要清理登录页面,请使用正常的组合登录步骤,但禁用使用元数据项注册。请参阅参考文档,了解自我声明的技术配置文件。将其全部放在一个步骤中解决了问题!非常感谢。
<TechnicalProfile Id="login-NonInteractive">
<DisplayName>Local Account SignIn</DisplayName>
<Protocol Name="OpenIdConnect" />
<Metadata>
<Item Key="client_id">530a3472-...</Item>
<Item Key="IdTokenAudience">f134083a-...</Item>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
<Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
<Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>
<Item Key="ProviderName">https://sts.windows.net/</Item>
<Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
<Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
<Item Key="response_types">id_token</Item>
<Item Key="response_mode">query</Item>
<Item Key="scope">username openid</Item>
<!-- Policy Engine Clients -->
<Item Key="UsePolicyInRedirectUri">false</Item>
<Item Key="HttpBinding">POST</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="client_id" DefaultValue="530a3472-..." />
<InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="f134083a-..." />
<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" DefaultValue="{OIDC:Username}" />
<InputClaim ClaimTypeReferenceId="password" Required="true" DefaultValue="{OIDC:Password}"/>
<InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" />
<InputClaim ClaimTypeReferenceId="scope" DefaultValue="openid" />
<InputClaim ClaimTypeReferenceId="nca" PartnerClaimType="nca" DefaultValue="1" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="upn" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
</OutputClaims>
</TechnicalProfile>