Azure AD B2C自定义策略中的Json类型声明 [英] Json type claim in Azure AD B2C custom policies
问题描述
我正在使用Azure AD B2C自定义策略从第三方获取声明,并将其映射到Azure AD B2C令牌中返回的声明.
I am using Azure AD B2C custom policies to get claims from a third party and map it to the claims which are returned in the Azure AD B2C token.
如果第三方以字符串形式返回索赔,则我在保单中的用户"旅程运行良好.我的问题是第三方以json的形式返回声明.我无法在B2C策略的XML模式中找到任何可以处理这种情况的 .
If the third party returns claims in the form of string, my User journey in the policy works fine. My problem is that the third party is returning the claims in the form of json. I couldn't find any relavant in the B2C policy's XML Schema that can handle this case.
是否可以使用Azure AD B2C自定义策略来做到这一点?
Is there any way to do this using Azure AD B2C Custom policies ?
推荐答案
尽管我不知道您使用的是哪个第三方身份提供程序,但我认为您可以通过在自定义策略中添加自定义提供程序来实现添加该提供程序.
Though I don't know what third part identity provider you're using, but I think you can achieve add the provider by adding custom providers in custom policies.
首先,根据您的帖子,我假设您正在使用Oauth/OIDC提供程序.
First, according to your post , I assume that you're using the Oauth/OIDC provider.
示例:使用自定义策略将LinkedIn添加为身份提供者:
Example: Add LinkedIn as an identity provider by using custom policies:
在<ClaimsProviders>元素中,添加以下XML代码段:
In the <ClaimsProviders> element, add the following XML snippet:
<ClaimsProvider>
<Domain>linkedin.com</Domain>
<DisplayName>LinkedIn</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="LinkedIn-OAUTH">
<DisplayName>LinkedIn</DisplayName>
<Protocol Name="OAuth2" />
<Metadata>
<Item Key="ProviderName">linkedin</Item>
<Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
<Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
<Item Key="ClaimsEndpoint">https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,headline)</Item>
<Item Key="ClaimsEndpointAccessTokenName">oauth2_access_token</Item>
<Item Key="ClaimsEndpointFormatName">format</Item>
<Item Key="ClaimsEndpointFormat">json</Item>
<Item Key="scope">r_emailaddress r_basicprofile</Item>
<Item Key="HttpBinding">POST</Item>
<Item Key="UsePolicyInRedirectUri">0</Item>
<Item Key="client_id">Your LinkedIn application client ID</Item>
</Metadata>
<CryptographicKeys>
<Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
</CryptographicKeys>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
<!--<OutputClaim ClaimTypeReferenceId="jobTitle" PartnerClaimType="headline" />-->
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
此外,您可以添加<Item Key="AccessTokenResponseFormat">json</Item>声明终结点的json类型.
Also, you can add <Item Key="AccessTokenResponseFormat">json</Item> to claim json type of endpoint.
通过使用本文档中的自定义策略,您可以查看有关将LinkedIn添加为身份提供者的更多详细信息.
You can see more details about Adding LinkedIn as an identity provider by using custom policies in this document.
其他:
我不知道您使用的是哪个第三身份提供商,如果有帮助,请告诉我.
I don't know what third identity provider you're using , if it helps ,please let me know.
这篇关于Azure AD B2C自定义策略中的Json类型声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
