[英]Claims from Azure B2C and ADFS as an Identity Provider
I'm using ADFS as an IdP for Azure B2C through OpenID Connect.我通过 OpenID Connect 使用 ADFS 作为 Azure B2C 的 IdP。 Login works, but I do not receive any claims from ADFS.
登录有效,但我没有收到来自 ADFS 的任何声明。 Here is a part of TrusFrameworkExtensions policy:
以下是 TrusFrameworkExtensions 政策的一部分:
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="Name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="contosoAuthentication" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="OpenIDADFS" />
</OutputClaims>
And here is the example of JWT token i receive:这是我收到的 JWT 令牌示例:
{
"exp": 1536674800,
"nbf": 1536671200,
"ver": "1.0",
"iss": "https://login.microsoftonline.com/2263fb1b-1249-4245-a174-cb9d518d7ce3/v2.0/",
"sub": "f5fa8b7b-5e14-4b49-8f9f-33ea5c8b2149",
"aud": "21d60a4b-6e33-4e22-b618-586882744560",
"acr": "b2c_1a_signuporsigninfmdclient",
"nonce": "defaultNonce",
"iat": 1536671200,
"auth_time": 1536671200,
"idp": "OpenIDADFS",
"name": "unknown"
}
No claims in here.这里没有索赔。 Here is my ADFS setup with claims from AD
这是我的 ADFS 设置,其中包含来自 AD 的声明
The relying party policy SignUpOgSignIn信赖方政策 SignUpOgSignIn
<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInFmdClient" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
<OutputClaim ClaimTypeReferenceId="identityProvider" />
</OutputClaims>
<SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>
How to receive claims?如何接收理赔?
For anyone else dealing with the same issue or similar issues, the necessary piece was to add <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
对于处理相同问题或类似问题的任何其他人,必要的部分是添加
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
(per Jamie's comment) (根据杰米的评论)
For reference, the B2C custom policy Azure Sample is very helpful.作为参考,B2C 自定义策略 Azure 示例非常有用。 https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAccounts/TrustFrameworkBase.xml
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAccounts/TrustFrameworkBase.xml
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.