Azure Active Directory - Custom Policy Error

Problem description

I've set up a Custom Policy in Azure AD B2C following the guide provided here:

https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-setup-sf-app-custom

I've actually set up the IdP as SSOCircle instead of SalesForce, and this seems to work until the redirection to the Service Provider Assertion Consumer Url of

https://login.microsoftonline.com/te/TENANT.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

I've added Application Insights in order to troubleshoot and the exception details are:

A Claim of ClaimType with id "socialIdpUserId" was not found, which is required by the ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.CreateAlternativeSecurityIdTransformation" for TransformationMethod "CreateAlternativeSecurityId" referenced by the ClaimsTransformation with id "CreateAlternativeSecurityId" in policy "B2C_1A_TrustFrameworkBase" of tenant "TENANT.onmicrosoft.com".

Any help would be greatly appreciated.

Recommended answer

If you need the user id as a claim from SSOCircle, please check "UserID" during import of the SAML Service Provider data at the SSOCircle Admin UI. SSOCircle IDP will then add the user name as "UserID" attribute into the SAML assertion.

Referring to Policy Saca mentioned, change the line:

<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId"/>

to

<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UserID"/>

Do similar for the other attributes like givenname, surname and email
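
A check for the mismatch described in the answer above, as an added example that is not part of the original answer: it compares each PartnerClaimType in a policy's OutputClaims with the attribute names actually present in a SAML assertion, assuming names are matched case-sensitively (as the userId to UserID fix implies). The XML samples, attribute names other than UserID, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement an IdP might send (not a real capture).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="UserID"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="EmailAddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: OutputClaims fragment of a SAML technical profile.
SAMPLE_OUTPUT_CLAIMS = """<OutputClaims>
 <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId"/>
 <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="EmailAddress"/>
 <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="FirstName"/>
 <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="ssocircle"/>
</OutputClaims>"""

def assertion_attribute_names(assertion_xml):
    """Return the set of Attribute Name values found in the assertion."""
    root = ET.fromstring(assertion_xml)
    return {a.get("Name") for a in root.iterfind(".//saml:Attribute", SAML_NS)}

def check_output_claims(policy_xml, assertion_xml):
    """List (claim, expected_partner_name, case_insensitive_match_or_None)
    for every OutputClaim the assertion cannot satisfy by exact name."""
    sent = assertion_attribute_names(assertion_xml)
    by_lower = {name.lower(): name for name in sent}
    findings = []
    for el in ET.fromstring(policy_xml).iter():
        # Match on local name so namespaced policy files work too.
        if el.tag.rsplit("}", 1)[-1] != "OutputClaim":
            continue
        if el.get("DefaultValue") is not None:
            continue  # value is set by the policy, not read from the IdP
        claim = el.get("ClaimTypeReferenceId")
        # Without PartnerClaimType the claim maps to the same-named attribute.
        partner = el.get("PartnerClaimType") or claim
        if partner not in sent:
            findings.append((claim, partner, by_lower.get(partner.lower())))
    return findings

if __name__ == "__main__":
    for claim, partner, hint in check_output_claims(SAMPLE_OUTPUT_CLAIMS, SAMPLE_ASSERTION):
        fix = f"assertion has '{hint}' (case differs)" if hint else "attribute not sent by IdP"
        print(f"{claim}: PartnerClaimType='{partner}' not found; {fix}")
```

Run it against your own policy file and an assertion captured during troubleshooting; use a hardened parser such as defusedxml if the XML comes from a source you do not control.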
