Azure AD B2C自定义策略:获取newUser属性

yws3nbqq  于 2023-06-24  发布在  其他
关注(0)|答案(1)|浏览(109)

我有一些关于AAD B2C自定义策略的问题。这就是我的问题,我想获得newUser属性,但我不确定我做错了什么。
这是我的第一个解决方案,这个技术配置文件的目的是注册部分,我试着把newUser作为Output声明在这里。但我意识到它不工作,因为它是在SM-Noop

<TechnicalProfile Id="NewUserAccountUpdatePrimaryDetails">
          <DisplayName>Profile creation using read only email</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <Metadata>
            <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
            <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
            <Item Key="language.button_continue">Next</Item>
            <!-- Sample: Remove sign-up email verification -->
            <Item Key="EnforceEmailVerification">False</Item>
          </Metadata>
          <InputClaimsTransformations>
            <InputClaimsTransformation ReferenceId="CreateReadonlyEmailClaim" />
          </InputClaimsTransformations>
          <InputClaims>
            <!--Sample: Set input the ReadOnlyEmail claim type to prefilled the email address-->
            <InputClaim ClaimTypeReferenceId="readOnlyEmail" />
            <InputClaim ClaimTypeReferenceId="country" />
            <!-- Optional claims, to be collected from the user -->
            <InputClaim ClaimTypeReferenceId="displayName" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surName" />
            <InputClaim ClaimTypeReferenceId="streetAddress" />
            <InputClaim ClaimTypeReferenceId="city" />
            <InputClaim ClaimTypeReferenceId="state" />
            <InputClaim ClaimTypeReferenceId="postalCode" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="readOnlyEmail" Required="true" />
            <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
            <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" />
            <OutputClaim ClaimTypeReferenceId="country" Required="true" />
            <OutputClaim ClaimTypeReferenceId="displayName"  Required="true"/>
            <OutputClaim ClaimTypeReferenceId="givenName" Required="true"/>
            <OutputClaim ClaimTypeReferenceId="surName" Required="true"/>
            <OutputClaim ClaimTypeReferenceId="newUser" />
            <!-- Optional claims, to be collected from the user -->
            <OutputClaim ClaimTypeReferenceId="streetAddress" />
            <OutputClaim ClaimTypeReferenceId="city" />
            <OutputClaim ClaimTypeReferenceId="state" />
            <OutputClaim ClaimTypeReferenceId="postalCode" />
          </OutputClaims>
          <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail-ProfileUpdate" />
          </ValidationTechnicalProfiles>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </TechnicalProfile>

现在,我尝试的第二个解决方案是将newUser声明为RelyingParty中的Output声明。

<RelyingParty>
    <DefaultUserJourney ReferenceId="CheckPassReset" />
    <UserJourneyBehaviors>
      <SingleSignOn Scope="Tenant" />
      <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="4b408c9c-6ef1-43db-82e7-6368e1fc1536"
      DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
      <ScriptExecution>Allow</ScriptExecution>
    </UserJourneyBehaviors>
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <OutputClaim ClaimTypeReferenceId="newUser" />
        <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>

我哪里做错了?我在Google和StackOverflow中看到的大多数解决方案都与User Flow相关。我可能错过了什么,但我不知道是什么。
谢谢你的帮助!如果你需要更多的信息,请告诉我。

Azure

1条答案

按热度按时间
j8yoct9x

j8yoct9x1#

在自定义策略入门包中,newUser声明由创建用户(AAD-UserWriteUsingLogonEmail)的技术配置文件生成:

<OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />

它正在对Graph API运行写操作,如果这创建了一个新用户,则newClaimsPrincipalCreated返回true。然后,上面的输出声明将其Map到newUser声明,然后在下面的步骤中使用该声明。
在您的示例中,AAD-UserWriteUsingLogonEmail-ProfileUpdate听起来像是在更新用户配置文件时完成的写入。如果在这种情况下用户已经存在,newUser声明将始终返回false。如果不是这种情况,则需要将newUser声明添加为输出声明。这看起来确实是一个密码重置流程,其中用户将始终存在。所以newUser总是为false。

赞(0)分享  回复(0)举报  2023-06-24
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com