Azure Active Directory B2C 自定义错误页面被忽略 [英] Azure Active Directory B2C custom error page is ignored
问题描述
我们有一个自定义的 Azure AD B2C 登录/注册策略(基于 SAML,默认策略不能满足我们的需要).
我们可以通过如下内容定义自定义页面 UI:
<ContentDefinition Id="api.localaccountsignin"><LoadUri>https://example.com/SAMLSignIn.html</LoadUri><RecoveryUri>~/common/default_page_error.html</RecoveryUri><DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri><元数据><Item Key="DisplayName">本地账号登录页面</Item></元数据></内容定义>但尝试自定义错误页面,通过:
<ContentDefinition Id="api.error"><LoadUri>https://example.com/SAMLErrorPage.html</LoadUri><RecoveryUri>~/common/default_page_error.html</RecoveryUri><DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri><元数据><Item Key="DisplayName">错误页面</Item></元数据></内容定义>没有任何改变.SAMLSignIn.html 页面仍在使用(尽管包含发生的任何登录错误的内容).无论我们使用无效的用户名、错误的密码等进行测试,都会发生这种情况.
均匀设置
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>在相关的 <ValidationTechnicalProfile> 中不会强制出错.
在 ApplicationInsights 中看到的用户旅程仅显示 Web.TPEngine.Providers.BadArgumentRetryNeededException;没有记录其他错误或异常.
我们如何在登录失败时使用自定义错误页面(无论出于何种原因)?
文档似乎暗示我们正在做正确的事情(
We have a custom Azure AD B2C Sign-in/Sign-up policy in place (SAML-based, the default policy doesn't do what we need).
We're able to customize the page UI as expected, via a content definition like:
<ContentDefinition Id="api.localaccountsignin">
<LoadUri>https://example.com/SAMLSignIn.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Local account sign in page</Item>
</Metadata>
</ContentDefinition>
But attempting to customize the error page, via:
<ContentDefinition Id="api.error">
<LoadUri>https://example.com/SAMLErrorPage.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Error page</Item>
</Metadata>
</ContentDefinition>
changes nothing. The SAMLSignIn.html page is still used (albeit with the contents of whatever signin error occurred). This happens whether we test with invalid user names, bad passwords, whatever.
Even setting
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
in the associated <ValidationTechnicalProfile> doesn't force the error.
The user journey as seen in ApplicationInsights shows only a Web.TPEngine.Providers.BadArgumentRetryNeededException; no other errors or exceptions are logged.
How can we cause a custom error page to be used on login failure (for whatever reason)?
The documentation, such as it is, seems to imply we're doing the right thing (as does How to Create a Custom Error Page in Azure AD B2C | Custom Policies). I can't find any suggestion that we need to specify custom error handling in the UserJourney, nor any means by which we could do so if we wanted.
To summarize:
You are using local account sign-in with SAML issuer. This makes sign-in process happen on Azure AD B2C sign-in page. The error messages you see are just regular validation error messages. This all happens on the sign-in page, not the error page. Error content is only used by the engine when an unhandled exception breaks the execution of the user journey. Which is not the case with a regular sign-in.
Your option to customize validation errors are limited to using pure CSS on the sign-in page.
A really complex customization is demonstrated here
The document describing UI customization in general, is here
And UI customization using custom policy here
At your best effort you will come with some nice error messages like these:
这篇关于Azure Active Directory B2C 自定义错误页面被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
