Use REST API to external IDP to validate user existence in JIT migration in Azure B2C before creating new AD local account
I am attempting to configure a Sign in to Azure B2C that is designed to check an existing IDP for the user and ADD them as a local account if they currently do not exist as a local account. Basically I want to:
I think this would be considered a just in time migration. I have taken a look at this read me: https://github.com/azure-ad-b2c/user-migration/blob/master/jit-migration-v2/readme.md and it seems to be what I need. However it seems to be MORE than I need and I am getting lost in the additional details. I really just want to stop with the sign in step for the migration. That sample includes a sign up and password reset flow as well. This post seems close as well: Continue Azure B2C user journey on authentication failure but it's so sparse that I cannot tell how complete a solution it would be.
So I am trying to figure out just what is needed for the sign in part of the logic. The sample code in jit-migration-v2 includes 5 XML files. Are all of them needed? Or, better yet, which files in the example would be needed?
It seems there are a LOT of moving parts, I just would like to pare it down to minimum so I can fully understand what is going on and why.
The five files are the standard starter pack.
There are always four flows:
Plus:
You don't need the reset and edit. You don't need to upload them.
You can change SUSI to just do SU or SI via metadata flags.
The SUSI file is just the RP and basically defines the claims returned in the JWT.
It calls a user journey "SignUpOrSignIn" in the base file so follow that through and you'll see how the flow goes.
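The REST call the question describes, where B2C asks the existing IDP about a user before the policy creates the local account, as an added example (not code from this thread or from the jit-migration-v2 sample). It assumes the RESTful technical profile sends `email` and `password` in the request body; the `needToMigrate` output claim and the in-memory `LEGACY_USERS` store are constructed for illustration.

```python
import hashlib
import hmac


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed stand-in for the legacy IDP's user store (assumption, not a real API).
LEGACY_USERS = {
    "alice@example.com": {
        "salt": b"constructed-salt",
        "hash": _hash("Correct-Horse-1", b"constructed-salt"),
        "displayName": "Alice Example",
    },
}
# Record used for unknown emails so the same hashing work is always done.
_DUMMY = {"salt": b"dummy-salt", "hash": _hash("unused", b"dummy-salt")}


def b2c_error(message: str) -> tuple[int, dict]:
    # Error shape B2C expects from a validation technical profile's REST API:
    # HTTP 409 with version, status and a userMessage shown on the sign-in page.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def validate_legacy_user(claims: dict) -> tuple[int, dict]:
    """Handle the claims B2C POSTs in the body; return (HTTP status, JSON body)."""
    email = str(claims.get("email", "")).strip().lower()
    password = claims.get("password")
    if not email or not isinstance(password, str) or not password:
        return b2c_error("Email and password are required.")
    record = LEGACY_USERS.get(email, _DUMMY)
    # Hash for unknown users too, and compare in constant time.
    ok = hmac.compare_digest(_hash(password, record["salt"]), record["hash"])
    if record is _DUMMY or not ok:
        # Same message for "no such user" and "wrong password": no user enumeration.
        return b2c_error("Your email or password is incorrect.")
    # Return only the claims the policy needs to write the local account;
    # the password is never echoed back. needToMigrate is a hypothetical claim name.
    return 200, {"email": email, "displayName": record["displayName"], "needToMigrate": True}
```

In a deployment this function sits behind an HTTPS endpoint that B2C authenticates to (Basic or client certificate in the technical profile's `AuthenticationType`), since it receives plaintext passwords.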