Return emails on custom policies
Problem description
I'm using custom policies and I saw that the field "emails" exists in built-in policies but doesn't exist in custom policies. There is a claim named otherMails instead.
- I want to return an emails claim in my token with a list of the user's emails.
- I want that claim in my sign-up/sign-in and password reset policies.
I'm using the custom policies in the starter pack. But I don't know which TechnicalProfiles I should change. I tried a few things but it doesn't work.
Thanks in advance!
Recommended answer
When writing a local account: You must create the "otherMails" claim from the "email" claim using the "CreateOtherMailsFromEmail" claims transformation and then persist the "otherMails" claim in the "AAD-UserWriteUsingLogonEmail" technical profile:
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  ...
  <IncludeInSso>false</IncludeInSso>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateOtherMailsFromEmail" />
  </InputClaimsTransformations>
  <InputClaims>
    ...
  </InputClaims>
  <PersistedClaims>
    ...
    <PersistedClaim ClaimTypeReferenceId="otherMails" />
  </PersistedClaims>
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
  ...
</TechnicalProfile>
You must then pass the "otherMails" claim out from the "LocalAccountSignUpWithLogonEmail" technical profile that is invoked to register a local account:
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
When writing a social account: The "otherMails" claim is already created from the "email" claim and then persisted in the "AAD-UserWriteUsingAlternativeSecurityId" technical profile.
You must then pass the "otherMails" claim out from the "SelfAsserted-Social" technical profile that is invoked to register a social account:
<TechnicalProfile Id="SelfAsserted-Social">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
When reading a local or social account: The "otherMails" claim is already read in the "AAD-UserReadUsingObjectId", "AAD-UserReadUsingEmailAddress", and "AAD-UserReadUsingAlternativeSecurityId" technical profiles.
You must then pass the "otherMails" claim out from the "LocalAccountDiscoveryUsingEmailAddress" technical profile that is invoked to recover a local password:
<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
To issue the "otherMails" claim as "emails" from the sign-up/sign-in and password reset policies: You must add the "otherMails" claim as <OutputClaim /> to the relying party policies:
<RelyingParty>
  ...
  <TechnicalProfile Id="PolicyProfile">
    <OutputClaims>
      ...
      <OutputClaim ClaimTypeReferenceId="otherMails" PartnerClaimType="emails" />
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>
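An added example (not part of the original answer or of the starter pack): a small Python check that a policy file wires otherMails through the technical profiles named above and issues it as emails. It inspects one file at a time and skips profiles that file does not define; the function names, the findings text and the abbreviated sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Technical profiles that, per the answer above, must output otherMails.
OUTPUT_PROFILES = ["AAD-UserWriteUsingLogonEmail", "LocalAccountSignUpWithLogonEmail",
                   "SelfAsserted-Social", "LocalAccountDiscoveryUsingEmailAddress"]

def local(tag):  # drop the '{namespace}' prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def refs(profile, container, child, attr):
    """Values of attr on <child> elements directly inside the profile's <container>."""
    return [c.get(attr) for box in profile.iter() if local(box.tag) == container
            for c in box if local(c.tag) == child]

def check_policy(xml_text):
    """Return findings (hypothetical format) for one policy file; [] means fully wired."""
    root = ET.fromstring(xml_text)
    profiles = {p.get("Id"): p for p in root.iter() if local(p.tag) == "TechnicalProfile"}
    findings = []
    for pid in OUTPUT_PROFILES:
        p = profiles.get(pid)  # profiles defined in another file are skipped
        if p is not None and "otherMails" not in refs(p, "OutputClaims", "OutputClaim", "ClaimTypeReferenceId"):
            findings.append(f"{pid}: no otherMails OutputClaim")
    w = profiles.get("AAD-UserWriteUsingLogonEmail")
    if w is not None:
        if "otherMails" not in refs(w, "PersistedClaims", "PersistedClaim", "ClaimTypeReferenceId"):
            findings.append("AAD-UserWriteUsingLogonEmail: otherMails not persisted")
        if "CreateOtherMailsFromEmail" not in refs(w, "InputClaimsTransformations", "InputClaimsTransformation", "ReferenceId"):
            findings.append("AAD-UserWriteUsingLogonEmail: CreateOtherMailsFromEmail not run")
    rp = profiles.get("PolicyProfile")
    if rp is not None and ("otherMails", "emails") not in [
            (c.get("ClaimTypeReferenceId"), c.get("PartnerClaimType")) for c in rp.iter()]:
        findings.append("PolicyProfile: otherMails not issued as emails")
    return findings

# Constructed, abbreviated sample: the sign-up profile and relying party are incomplete.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
    <InputClaimsTransformations><InputClaimsTransformation ReferenceId="CreateOtherMailsFromEmail" /></InputClaimsTransformations>
    <PersistedClaims><PersistedClaim ClaimTypeReferenceId="otherMails" /></PersistedClaims>
    <OutputClaims><OutputClaim ClaimTypeReferenceId="otherMails" /></OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="objectId" /></OutputClaims>
  </TechnicalProfile>
  <RelyingParty><TechnicalProfile Id="PolicyProfile">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="otherMails" /></OutputClaims>
  </TechnicalProfile></RelyingParty>
</TrustFrameworkPolicy>"""
print(check_policy(SAMPLE))
```

Because custom policies inherit across files, a finding for a profile that the file redefines only partially should be confirmed against the base file before changing anything.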