Azure B2C: Custom claim isn't written into AAD via custom policy

It seems that I've hit a roadblock when it comes to writing custom claims to Azure Active Directory (AAD). I'm trying to write the organization into AAD, but it appears that when I query the users via Graph API, I don't see any trace of the organization data. I'm wondering if there's something off with how I attempted to write the data or there's a technical detail that I'm not aware of that can cause this issue?

Here's the custom claim that I want to save to AAD.

      <ClaimType Id="extension_organization">
        <DisplayName>Organization Name</DisplayName>
        <DataType>string</DataType>
        <UserHelpText>Name of admin's organization.</UserHelpText>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>

And here is where I'm writing the claims (it's pretty much what you would see in the examples):

        <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
          <Metadata>
            <Item Key="Operation">Write</Item>
            <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
          </Metadata>
          <IncludeInSso>false</IncludeInSso>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" /> 
          </InputClaims>
          <PersistedClaims>
            <!-- Required claims -->
            <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
            <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
            <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
            <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
  
            <!-- Optional claims. -->
            <PersistedClaim ClaimTypeReferenceId="givenName" />
            <PersistedClaim ClaimTypeReferenceId="surname" />
            <PersistedClaim ClaimTypeReferenceId="extension_organization" /> 
          </PersistedClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" />
            <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
            <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
            <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
          </OutputClaims>
          <IncludeTechnicalProfile ReferenceId="AAD-Common" />
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
        </TechnicalProfile>

On an interesting note, it seems that not even the e-mail can be seen.

When querying the Graph API for custom/extension attributes, you will need to make sure you select the extension attributes with the following syntax:

    extension_{b2cExtensionsAppId}_organization

Where {b2cExtensionsAppId} is the Application/Client ID for the application in your B2C tenant that is automatically generated:

b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.

Edit - Remove the dashes (-) from the Extensions Application/Client ID

79af1ae0-cacb-401a-9a42-1f2178adc0ef gets converted to 79af1ae0cacb401a9a421f2178adc0ef.

Example: b2c_79af1ae0cacb401a9a421f2178adc0ef_organization
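An added example, not part of the original answer: it builds the directory property name from the `extension_{b2cExtensionsAppId}_organization` pattern above, puts it in an explicit `$select`, and reads the value back from a user object. The Microsoft Graph v1.0 `/users` endpoint, the `identities` field for the local-account e-mail, the function names and the sample user are assumptions made for this example.

```python
import re
import uuid
from urllib.parse import urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"  # assumption: Microsoft Graph v1.0
APP_ID = "79af1ae0-cacb-401a-9a42-1f2178adc0ef"  # client ID quoted in the answer

def graph_extension_name(extensions_app_id, policy_claim):
    """Map a policy claim such as 'extension_organization' to its directory name."""
    app_hex = uuid.UUID(extensions_app_id).hex  # rejects non-GUIDs, drops the dashes
    attr = policy_claim
    if attr.startswith("extension_"):
        attr = attr[len("extension_"):]
    if not re.fullmatch(r"[A-Za-z0-9_]+", attr):
        raise ValueError(f"unexpected attribute name: {policy_claim!r}")
    return f"extension_{app_hex}_{attr}"

def users_query_url(extensions_app_id, policy_claims):
    """Build a /users query that explicitly selects the extension attributes."""
    fields = ["id", "displayName", "identities"]
    fields += [graph_extension_name(extensions_app_id, c) for c in policy_claims]
    return GRAPH_USERS + "?" + urlencode({"$select": ",".join(fields)}, safe="$,")

def extension_values(user, extensions_app_id):
    """Return {attribute: value} for this app's extension properties on one user."""
    prefix = f"extension_{uuid.UUID(extensions_app_id).hex}_"
    return {k[len(prefix):]: v for k, v in user.items() if k.startswith(prefix)}

def local_email(user):
    """Return the local-account sign-in e-mail from 'identities', or None."""
    for identity in user.get("identities", []):
        if identity.get("signInType") == "emailAddress":
            return identity.get("issuerAssignedId")
    return None

# Constructed response object for illustration, not real tenant data.
SAMPLE_USER = {
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "unknown",
    "identities": [{"signInType": "emailAddress",
                    "issuer": "contoso.onmicrosoft.com",
                    "issuerAssignedId": "admin@example.com"}],
    "extension_79af1ae0cacb401a9a421f2178adc0ef_organization": "Example Org",
}

if __name__ == "__main__":
    print(users_query_url(APP_ID, ["extension_organization"]))
    print(extension_values(SAMPLE_USER, APP_ID), local_email(SAMPLE_USER))
```

A user object that lacks the prefixed key makes `extension_values` return an empty dict, which separates a claim that was never persisted from one that was only missing from the `$select`.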
