Azure Active Directory B2C自定义错误页面被忽略 [英] Azure Active Directory B2C custom error page is ignored
问题描述
我们有一个自定义的Azure AD B2C登录/注册策略(基于SAML,默认策略无法满足我们的需要).
We have a custom Azure AD B2C Sign-in/Sign-up policy in place (SAML-based, the default policy doesn't do what we need).
我们可以通过如下内容定义自定义页面UI:
We're able to customize the page UI as expected, via a content definition like:
<ContentDefinition Id="api.localaccountsignin">
<LoadUri>https://example.com/SAMLSignIn.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Local account sign in page</Item>
</Metadata>
</ContentDefinition>
但是尝试通过以下方式自定义错误页面:
But attempting to customize the error page, via:
<ContentDefinition Id="api.error">
<LoadUri>https://example.com/SAMLErrorPage.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Error page</Item>
</Metadata>
</ContentDefinition>
什么都不会改变.仍然使用SAMLSignIn.html页(尽管包含发生任何登录错误的内容).无论我们是否使用无效的用户名,错误的密码进行测试,都会发生这种情况.
changes nothing. The SAMLSignIn.html page is still used (albeit with the contents of whatever signin error occurred). This happens whether we test with invalid user names, bad passwords, whatever.
甚至设置
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
关联的<ValidationTechnicalProfile>中的
不会强制错误.
in the associated <ValidationTechnicalProfile> doesn't force the error.
在ApplicationInsights中看到的用户旅程仅显示Web.TPEngine.Providers.BadArgumentRetryNeededException;没有其他错误或异常的记录.
The user journey as seen in ApplicationInsights shows only a Web.TPEngine.Providers.BadArgumentRetryNeededException; no other errors or exceptions are logged.
我们如何 导致自定义错误页面用于登录失败(无论出于何种原因)?
How can we cause a custom error page to be used on login failure (for whatever reason)?
像这样的文档似乎暗示我们在做正确的事情(如何创建自定义错误Azure AD B2C中的页面|自定义策略).我找不到任何需要在UserJourney中指定自定义错误处理的建议,也没有找到我们可以采用的任何方法.
The documentation, such as it is, seems to imply we're doing the right thing (as does How to Create a Custom Error Page in Azure AD B2C | Custom Policies). I can't find any suggestion that we need to specify custom error handling in the UserJourney, nor any means by which we could do so if we wanted.
推荐答案
总结:
您正在通过SAML颁发者使用本地帐户登录.这使登录过程发生在Azure AD B2C登录页面上.您看到的错误消息只是常规的验证错误消息.所有这些都发生在登录页面上,而不是错误页面上.错误内容仅在未处理的异常中断用户旅程的执行时由引擎使用.常规登录不是这种情况.
You are using local account sign-in with SAML issuer. This makes sign-in process happen on Azure AD B2C sign-in page. The error messages you see are just regular validation error messages. This all happens on the sign-in page, not the error page. Error content is only used by the engine when an unhandled exception breaks the execution of the user journey. Which is not the case with a regular sign-in.
您用于自定义验证错误的选项仅限于在登录页面上使用纯CSS.
Your option to customize validation errors are limited to using pure CSS on the sign-in page.
一个非常复杂的定制是在这里演示
A really complex customization is demonstrated here
The document describing UI customization in general, is here
And UI customization using custom policy here
我们将尽最大努力提供一些类似以下的错误消息:
At your best effort you will come with some nice error messages like these:
这篇关于Azure Active Directory B2C自定义错误页面被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
