堆栈内存溢出
  简体   繁体   English

Azure B2C 和 ADFS 作为身份提供者的声明

[英]Claims from Azure B2C and ADFS as an Identity Provider

 原文  2018-09-11 13:25:56       azure/ openid/ adfs/ azure-ad-b2c

问题描述

I'm using ADFS as an IdP for Azure B2C through OpenID Connect.我通过 OpenID Connect 使用 ADFS 作为 Azure B2C 的 IdP。 Login works, but I do not receive any claims from ADFS.登录有效,但我没有收到来自 ADFS 的任何声明。 Here is a part of TrusFrameworkExtensions policy:以下是 TrusFrameworkExtensions 政策的一部分:

<OutputClaims>
          <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
          <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
          <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="Name" />
          <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
          <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
          <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="contosoAuthentication" />
          <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="OpenIDADFS" />
        </OutputClaims>

And here is the example of JWT token i receive:这是我收到的 JWT 令牌示例:

{
"exp": 1536674800,
  "nbf": 1536671200,
  "ver": "1.0",
  "iss": "https://login.microsoftonline.com/2263fb1b-1249-4245-a174-cb9d518d7ce3/v2.0/",
  "sub": "f5fa8b7b-5e14-4b49-8f9f-33ea5c8b2149",
 "aud": "21d60a4b-6e33-4e22-b618-586882744560",
 "acr": "b2c_1a_signuporsigninfmdclient",
 "nonce": "defaultNonce",
 "iat": 1536671200,
 "auth_time": 1536671200,
 "idp": "OpenIDADFS",
 "name": "unknown"
}

No claims in here.这里没有索赔。 Here is my ADFS setup with claims from AD这是我的 ADFS 设置,其中包含来自 AD 的声明在此处输入图片说明

The relying party policy SignUpOgSignIn信赖方政策 SignUpOgSignIn

  <RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInFmdClient" />
<TechnicalProfile Id="PolicyProfile">
  <DisplayName>PolicyProfile</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
    <OutputClaim ClaimTypeReferenceId="surname" />
    <OutputClaim ClaimTypeReferenceId="email" />
    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
    <OutputClaim ClaimTypeReferenceId="identityProvider" />
  </OutputClaims>
  <SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>

How to receive claims?如何接收理赔?

1 个解决方案

解决方案1
 3  2018-09-29 05:05:07

For anyone else dealing with the same issue or similar issues, the necessary piece was to add <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />对于处理相同问题或类似问题的任何其他人,必要的部分是添加<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />

(per Jamie's comment) (根据杰米的评论)

For reference, the B2C custom policy Azure Sample is very helpful.作为参考,B2C 自定义策略 Azure 示例非常有用。 https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAccounts/TrustFrameworkBase.xml https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAccounts/TrustFrameworkBase.xml

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure AD B2C Github 身份提供者不提供任何声明 - Azure AD B2C Github identity provider does not provide any claims 使用Azure AD B2C自定义身份提供程序(OpenID Connect)映射声明 - Mapping claims with Azure AD B2C Custom Identity Provider (OpenID Connect) Azure B2C未从外部身份提供商注销 - Azure B2C not signing out from external Identity provider 外部身份提供商的Azure AD B2C问题 - Azure AD B2C Issues with External Identity Provider Azure AD B2C 自定义标识提供程序 - Azure AD B2C Custom identity provider Azure AD B2C 添加通用 oauth 身份提供程序 - Azure AD B2C add generic oauth identity provider 将自己的身份提供程序添加到Azure AD B2C - Add own Identity Provider to Azure AD B2C Azure AD B2C 中的身份提供商菜单未显示 - Identity Provider menu in Azure AD B2C not showing 将参数传递给 Azure Ad B2C 上的身份提供者 - Pass parameter to Identity Provider on Azure Ad B2C Azure B2C 索赔未通过 - Azure B2C Claims are not coming through
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM