[英]Is there something special about B2C's givenName and surname claims? Can't read them from the OIDC ClaimsProvider
My OIDC claims provider (Okta) provides the given_name and family_name values to my OIDC test harness app.我的 OIDC 声明提供程序 (Okta) 向我的 OIDC 测试工具应用程序提供 given_name 和 family_name 值。
My Azure B2C claims provider uses the same scopes as my test app, but I can't get the given_name and family_name to be added to the B2C claim,我的 Azure B2C 声明提供程序使用与我的测试应用程序相同的范围,但我无法将 given_name 和 family_name 添加到 B2C 声明中,
Scopes used when calling Okta CP:调用 Okta CP 时使用的范围:
<Item Key="scope">openid profile email</Item>
OutputClaims mapping in Okta CP: Okta CP 中的 OutputClaims 映射:
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" DefaultValue="default value from input ClaimsProvider: email"/>
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" DefaultValue="default value from input ClaimsProvider: givenName"/>
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" DefaultValue="default value from input ClaimsProvider: surname"/>
This configuration doesn't seem to get the values for these two claims.此配置似乎没有得到这两个声明的值。 It does get the "name" and "email" values, so I feel confident the scopes are being honored.
它确实获得了“名称”和“电子邮件”的值,所以我相信范围得到了尊重。 Using DefaultValues to debug, I see this in the Azure SAML test app.
使用 DefaultValues 进行调试,我在 Azure SAML 测试应用程序中看到了这一点。
SAML Login Success
Attribute Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress JoeBlow@xyz.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name Joe Blow
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname default value from input ClaimsProvider: givenName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname default value from input ClaimsProvider: surname
http://schemas.microsoft.com/identity/claims/userprincipalname JoeBlow@xyz.com
Might be to late for the OP, but we just ran into this as well. OP 可能为时已晚,但我们也遇到了这个问题。 It took us quite a while to find a solution.
我们花了很长时间才找到解决方案。
family_name
+ given_name
are optional claims family_name
+ given_name
是可选声明For those claims to be returned two things need to happen:要退回这些索赔,需要做两件事:
Here is the link to the doc explaining how to ensure an Azure AD app registration returns optional claims (its straight forward and only took 1min todo):以下是文档的链接,解释了如何确保 Azure AD 应用程序注册返回可选声明(它直截了当,只花了 1 分钟的时间):
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims?WT.mc_id=AZ-MVP-5003445#configuring-optional-claims https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims?WT.mc_id=AZ-MVP-5003445#configuring-optional-claims
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.