How do I pass custom extension attributes from Azure Active Directory in the JWT token at sign-in?


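I have custom extension attributes in Azure Active Directory (mapped via Azure AD Connect). Extension attributes on Azure AD take the form
extension\. I create a policy and assign it to the service principal ID of the application that should receive the token at sign-in.

These are the PowerShell commands I used: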

Connect-AzureAD -Confirm

New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"extension_uniqueidretracted_extensionAttribute13","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/extensionAttribute13","JwtClaimType":"MyCustomClaim1"},{"Source":"user","ID":"extension_uniqueidretracted_extensionAttribute14","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/extensionAttribute14","JwtClaimType":"MyCustomClaim2"}]}}') -DisplayName "ExtensionAttributeMapping" -Type "ClaimsMappingPolicy"

Add-AzureADServicePrincipalPolicy -Id <ObjectId of the ServicePrincipal> -RefObjectId <ObjectId of the Policy>
Creating and assigning the policy works, but the attributes are still not included in the token.


What do I need to do to make this work?

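You need to use the optional claims feature to get the information from the extension attributes into the access token.

Please read the documentation carefully; it explains how to do this.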

  • Make sure acceptMappedClaims is set to true in the application manifest in Azure AD.
  • Try using "ExtensionID":"extension_uniqueidretracted_extensionAttribute13" instead of "ID":"extension_uniqueidretracted_extensionAttribute13" in the ClaimsMappingPolicy.

  • Did you ever solve this? I'm running into the same situation.
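
The sketch below is an added example, not code from the question or the answers: it builds the policy from the question with "ExtensionID" in place of "ID", as suggested above, then decodes a token payload to check whether the mapped claims arrived. The function names, `$spId` and `$token` are assumptions introduced here; the two quoted values are placeholders to replace.

```powershell
# Added example; attribute IDs and claim names are the ones quoted in the question.
function New-ClaimsMappingDefinition {
    param([hashtable]$ExtensionToJwtClaim)   # extension attribute ID -> JWT claim name
    $schema = foreach ($ext in ($ExtensionToJwtClaim.Keys | Sort-Object)) {
        [ordered]@{
            Source        = 'user'
            ExtensionID   = $ext   # "ExtensionID" instead of "ID", per the suggestion above
            SamlClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/' + ($ext -split '_')[-1]
            JwtClaimType  = $ExtensionToJwtClaim[$ext]
        }
    }
    $policy = [ordered]@{ Version = 1; IncludeBasicClaimSet = 'true'; ClaimsSchema = @($schema) }
    # -Depth is needed: at the default depth of 2 the ClaimsSchema entries are stringified.
    [ordered]@{ ClaimsMappingPolicy = $policy } | ConvertTo-Json -Depth 5 -Compress
}

# Decode a JWT payload for inspection only; this does not verify the signature.
function Get-JwtPayload {
    param([string]$Token)
    $b64 = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)                         # restore padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

$spId  = '<ObjectId of the ServicePrincipal>'        # placeholder, as in the question
$token = '<JWT issued after a fresh sign-in>'        # placeholder (assumption)

$definition = New-ClaimsMappingDefinition @{
    'extension_uniqueidretracted_extensionAttribute13' = 'MyCustomClaim1'
    'extension_uniqueidretracted_extensionAttribute14' = 'MyCustomClaim2'
}

Connect-AzureAD
$policy = New-AzureADPolicy -Definition @($definition) -DisplayName 'ExtensionAttributeMapping' -Type 'ClaimsMappingPolicy'
Add-AzureADServicePrincipalPolicy -Id $spId -RefObjectId $policy.Id
Get-AzureADServicePrincipalPolicy -Id $spId          # confirm the policy is assigned

# acceptMappedClaims is set in the application manifest (see the answer above), not here.
# After signing in again, list which mapped claims are present in the new token.
$claims = Get-JwtPayload $token
'MyCustomClaim1', 'MyCustomClaim2' | ForEach-Object {
    '{0} present: {1}' -f $_, ([bool]$claims.PSObject.Properties[$_])
}
```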