SAML2 response does not contain configured attributes


Problem description

Solution

Hello Pavel

Have you checked if you have the values emailaddress and email2 synced for the object from on-premise to Azure AD? You can install Azure AD PowerShell, connect to the MSOnline service, and get the output of the Get-MSolUser cmdlet for the affected user. Please follow the links; if you see the output of the user account from Azure AD containing those attributes, that means the attributes are synced to the cloud. If not, then the attributes which you are looking for as claims are not available in Azure AD on the user object. In this case you may need to troubleshoot the user object sync from on-premise. If it is configured correctly, please check if you have set up the user attributes and claims properly as per the article https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications#review-or-customize-the-claims-issued-in-the-saml-token. This may help you in finding out if the claim values you are looking for are available and why they are not getting returned.

Hope the information helps. Should you have any further query, feel free to let us know. 

Thank you. 
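
To see which claims actually arrive at the application, the following added example (not part of the original answer) decodes a captured SAMLResponse, assumed to come from the HTTP-POST binding, and reports which expected attributes are absent or empty. The sample response, the `displayname` attribute and the function names are constructed for illustration; the short claim names follow the answer's emailaddress and email2.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def attributes_in_response(saml_response_b64):
    """Return {attribute Name: [values]} from every AttributeStatement.

    Diagnostic only: no signature validation is performed, so never use
    this output for an authentication or authorization decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def missing_claims(saml_response_b64, expected):
    """Split expected claim names into absent ones and ones with no value."""
    found = attributes_in_response(saml_response_b64)
    absent = [n for n in expected if n not in found]
    empty = [n for n in expected if n in found and not any(found[n])]
    return absent, empty

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="emailaddress">
        <saml:AttributeValue>pavel@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="displayname">
        <saml:AttributeValue></saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    absent, empty = missing_claims(
        SAMPLE_B64, ["emailaddress", "email2", "displayname"])
    print("absent from response:", absent)
    print("present but empty:", empty)
```

A claim reported as absent here points back to the two checks in the answer: whether the source attribute is populated on the user object in Azure AD, and whether the claim is mapped in the application's claims configuration.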

