Multi-Tenant Azure AD Auth in Azure AD B2C with Custom Policies


Question


I am trying to use Azure AD Auth in Azure AD B2C using the /common Azure AD endpoint. According to "How to sign in any Azure Active Directory (AD) user using the multi-tenant application pattern", there needs to be a mechanism to either:

  1. allow multiple issuers, or
  2. specify a list of issuers that B2C can validate against.


I do not see any possible setting in the custom policies XML that would allow this. I was able to get Azure AD auth created successfully in my TrustFrameworkExtensions.xml file, just not multi-tenant now.

Answer


In order to support multi-tenant Azure AD, you'll need to configure your ClaimsProvider in the custom policy with different values.


Use the values below, making sure you replace the client_id and IdTokenAudience values.

<Item Key="DiscoverMetadataByTokenIssuer">true</Item>
<Item Key="ValidTokenIssuerPrefixes">https://sts.windows.net/</Item>
<Item Key="authorization_endpoint">https://login.microsoftonline.com/common/oauth2/authorize</Item>
<Item Key="client_id">df5b2515-a8d2-4d91-ab4f-eac6e1e416c2</Item>
<Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
<Item Key="scope">openid</Item>
<Item Key="UsePolicyInRedirectUri">false</Item>
<Item Key="HttpBinding">POST</Item>
<Item Key="response_types">id_token</Item>
<Item Key="IdTokenAudience">df5b2515-a8d2-4d91-ab4f-eac6e1e416c2</Item>


CAUTION: This functionality isn't officially even in preview yet, so use with caution. Keep monitoring the official "Sign in by using Azure AD accounts" documentation to see when this is fully documented and supported.


This functionality is now in preview, see the official documentation for this: Allow users to sign in to a multi-tenant Azure AD identity provider using custom policies
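As an added example (not part of the original answer), here is the complete OpenIdConnect TechnicalProfile that the metadata items above belong in. It assumes the Azure AD B2C starter-pack claim types, claims transformations and session-management profile (issuerUserId, CreateAlternativeSecurityId, SM-SocialLogin and friends) and a placeholder key container named B2C_1A_AADAppSecret; it also goes one step beyond the answer by showing the allow-list form of ValidTokenIssuerPrefixes, which covers the questioner's option 2, with placeholder tenant IDs.

```xml
<ClaimsProvider>
  <Domain>commonaad</Domain>
  <DisplayName>Azure AD (multi-tenant)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AADCommon-OpenIdConnect">
      <DisplayName>Azure AD (any tenant)</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Fetch signing keys from the metadata of the tenant named in the
             token's iss claim instead of one hard-coded tenant. -->
        <Item Key="DiscoverMetadataByTokenIssuer">true</Item>
        <!-- v1 issuers look like https://sts.windows.net/{tenant-id}/.
             The answer's value "https://sts.windows.net/" accepts every tenant.
             To accept only specific tenants, list their issuer prefixes,
             comma-separated (the tenant IDs here are placeholders). -->
        <Item Key="ValidTokenIssuerPrefixes">https://sts.windows.net/00000000-0000-0000-0000-000000000000/,https://sts.windows.net/11111111-1111-1111-1111-111111111111/</Item>
        <Item Key="authorization_endpoint">https://login.microsoftonline.com/common/oauth2/authorize</Item>
        <Item Key="client_id">df5b2515-a8d2-4d91-ab4f-eac6e1e416c2</Item>
        <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
        <Item Key="scope">openid</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="response_types">id_token</Item>
        <!-- Audience must be the app registration's client ID, otherwise a token
             minted for a different app in a trusted tenant would be accepted. -->
        <Item Key="IdTokenAudience">df5b2515-a8d2-4d91-ab4f-eac6e1e416c2</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Placeholder policy-key container name; assumption, not from the answer. -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_AADAppSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- oid is stable per user and per tenant; keep it as the user key. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <!-- tid tells you which tenant the user came from; it needs a
             "tenantId" ClaimType declared in the policy (not in the starter pack). -->
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Keep the allow-list as narrow as the business case permits: with the catch-all prefix, any account in any Azure AD tenant can complete the journey, so tenant-level authorization has to happen on the tid claim downstream.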
