OAUTH-KV Claims Resolver in AAD B2C does not work
I am trying to use the OAUTH-KV Claims Resolver to extract the value of a parameter named foo passed to an AAD B2C custom policy authorize endpoint as a claim, also named foo.

The foo ClaimType is defined as

<ClaimType Id="foo">
  <DisplayName>Foo debug claim</DisplayName>
  <DataType>string</DataType>
  <UserInputType>TextBox</UserInputType>
</ClaimType>

and the TechnicalProfile as

<TechnicalProfile Id="LocalAccount-Register">
  <DisplayName>Register</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccount.registration.prescribedfirm</Item>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="language.button_continue">Create</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="foo" DefaultValue="{OAUTH-KV:foo}" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="foo" Required="true" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

However, the value for foo is displayed as {OAUTH-KV:foo} rather than the actual value passed.
I believe I have followed the instructions from the documentation.
Is there something else I need to do to make this work?
EDIT
The documentation relating to claim resolvers was updated 25-01-2019 here https://docs.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview, according to which this should work.
I am unable to get any claim resolver to show anything except the markup, i.e. {Context:CorrelationId}, {OIDC:LoginHint}, etc.
Does anyone know if there are any magic Metadata values required to make this work?
I am sure I am doing something wrong, leaving something out, but am unable to figure out what.
Any helpful pointers would be most welcome.
I know it is late. See my answer here
You have to configure the metadata of the technical profile and set the AlwaysUseDefaultValue property of the input claim.
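
A check for the misconfiguration the answer describes, as an added example that is not part of the original question or answer: it flags any InputClaim whose DefaultValue holds a claim resolver but which lacks either of the two settings. The metadata key IncludeClaimResolvingInClaimsHandling is taken from Microsoft's claim resolver documentation (the answer does not name it), and check_policy and the trimmed sample profiles are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

RESOLVER = re.compile(r"\{[A-Za-z-]+:[^{}]+\}")  # {OAUTH-KV:foo}, {Context:CorrelationId}
# Assumption: this metadata key comes from Microsoft's claim resolver docs, not from the answer.
FLAG = "IncludeClaimResolvingInClaimsHandling"

def local(tag):
    """Strip an XML namespace so fragments and full policy files both parse."""
    return tag.rsplit("}", 1)[-1]

def check_policy(xml_text):
    """Return (profile, claim, problem) for resolvers that would stay literal."""
    findings = []
    for tp in ET.fromstring(xml_text).iter():
        if local(tp.tag) != "TechnicalProfile":
            continue
        meta = {i.get("Key"): (i.text or "").strip().lower()
                for i in tp.iter() if local(i.tag) == "Item"}
        for claim in tp.iter():
            if local(claim.tag) != "InputClaim":
                continue
            if not RESOLVER.search(claim.get("DefaultValue", "")):
                continue
            who = (tp.get("Id"), claim.get("ClaimTypeReferenceId"))
            if meta.get(FLAG) != "true":
                findings.append(who + (FLAG + " metadata is not true",))
            if claim.get("AlwaysUseDefaultValue", "").lower() != "true":
                findings.append(who + ("AlwaysUseDefaultValue is not true",))
    return findings

# Constructed samples: the question's profile (trimmed) and a corrected form.
BEFORE = """<TechnicalProfile Id="LocalAccount-Register">
  <Metadata><Item Key="IpAddressClaimReferenceId">IpAddress</Item></Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="foo" DefaultValue="{OAUTH-KV:foo}" />
  </InputClaims>
</TechnicalProfile>"""

AFTER = """<TechnicalProfile Id="LocalAccount-Register">
  <Metadata><Item Key="IncludeClaimResolvingInClaimsHandling">true</Item></Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="foo" DefaultValue="{OAUTH-KV:foo}"
                AlwaysUseDefaultValue="true" />
  </InputClaims>
</TechnicalProfile>"""

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, check_policy(doc))
```

Once the resolver works, the value of foo comes straight from the authorize request's query string, so validate it before anything downstream trusts the claim.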