Lookup user by self-asserted email and redirect to user's social login provider if the user exists


Problem description

I'm trying to come up with an Azure AD B2C policy to look up the user based on the email address provided in step 1.

How do I query AAD using the self-asserted email address provided and then redirect the user to the social login provider they signed up with (if any)?

I have a rough draft for the Orchestration Step:

<OrchestrationStep Order="3" Type="ClaimsExchange">
    <ClaimsExchanges>
        <ClaimsExchange Id="AAD-UserReadIssuersUsingSignInName" TechnicalProfileReferenceId="AAD-UserReadIssuersUsingSignInName" />
    </ClaimsExchanges>
</OrchestrationStep>

And the technical profile:

                <TechnicalProfile Id="AAD-UserReadIssuersUsingSignInName">
                    <Metadata>
                        <Item Key="Operation">Read</Item>
                        <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
                        <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
                    </Metadata>
                    <IncludeInSso>false</IncludeInSso>
                    <InputClaims>
                        <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" />
                    </InputClaims>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="issuers" />
                    </OutputClaims>
                    <OutputClaimsTransformations>
                        <OutputClaimsTransformation ReferenceId="AssertAccountEnabledIsTrue" />
                    </OutputClaimsTransformations>
                    <IncludeTechnicalProfile ReferenceId="AAD-Common" />
                </TechnicalProfile>

When I upload the policy I get 1 validation error.

Validation failed: 1 validation error(s) found in policy " *** " of tenant "*** .onmicrosoft.com".Output Claim 'issuers' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadIssuersUsingSignInName' of policy ' *** '. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping.Output Claim 'issuers' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadIssuersUsingSignInName' of policy 'B2C_1A_SignUpSignInLSG_Test'. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping

Recommended answer

As explained in the error message: "issuers" is not a valid Azure AD claim that you can read from the directory. You must read a supported attribute. The list of supported claims is provided in this docs page: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes

The information you are looking for can be found by reading the "alternateSecurityIds" claim. You would then need to use the GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation claim transformation in order to parse out the identity providers for that user.
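The approach described in the answer, sketched as policy fragments. This is an added example, not code from the original question or answer. The claim type IDs, the transformation Id `ExtractIdentityProviders`, and the attribute spelling `alternativeSecurityIds` are assumptions of this example; the input claim mapping is kept exactly as in the question.

```xml
<!-- Added example. Fragments for the BuildingBlocks and ClaimsProviders
     sections of the policy; names marked "assumed" are not from the page. -->

<!-- BuildingBlocks > ClaimsSchema (assumed claim type IDs) -->
<ClaimType Id="alternativeSecurityIds">
  <DisplayName>Alternative security IDs</DisplayName>
  <DataType>alternativeSecurityIdCollection</DataType>
</ClaimType>
<ClaimType Id="identityProviders">
  <DisplayName>Identity providers</DisplayName>
  <DataType>stringCollection</DataType>
</ClaimType>

<!-- BuildingBlocks > ClaimsTransformations (Id is assumed) -->
<ClaimsTransformation Id="ExtractIdentityProviders"
    TransformationMethod="GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="alternativeSecurityIds"
        TransformationClaimType="alternativeSecurityIdCollection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="identityProviders"
        TransformationClaimType="identityProvidersCollection" />
  </OutputClaims>
</ClaimsTransformation>

<!-- ClaimsProviders: the question's profile with the unsupported
     "issuers" output claim replaced by a directory attribute -->
<TechnicalProfile Id="AAD-UserReadIssuersUsingSignInName">
  <Metadata>
    <Item Key="Operation">Read</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
    <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">An account could not be found for the provided user ID.</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <!-- Turns the collection read above into a list of provider names -->
    <OutputClaimsTransformation ReferenceId="ExtractIdentityProviders" />
  </OutputClaimsTransformations>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
```

Because this lookup runs before the user has authenticated, the resulting redirect discloses which provider an email address is registered with. Keeping `RaiseErrorIfClaimsPrincipalDoesNotExist` set to false and sending unknown addresses to the ordinary sign-in page avoids additionally signalling non-existence through an error.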
