
Use REST API to external IDP to validate user existence in JIT migration in Azure B2C before creating new AD local account

I am attempting to configure a sign-in to Azure B2C that is designed to check an existing IDP for the user and ADD them as a local account if they do not currently exist as a local account. Basically I want to:

  1. Check the local account in B2C to see if they exist (confirmation of matching email is enough)
  2. If they exist in the local account, continue to sign them in
  3. If they don't yet exist, call a REST API to the external IDP passing the user name (email) and password and validate their authentication.
  4. If the call to the external IDP fails, assume they don't exist in either system and prompt them to create an account (which would be local).
  5. If the call to the external IDP is successful, create a local account in B2C with their email address and the password they entered.

I think this would be considered a just-in-time migration. I have taken a look at this readme: https://github.com/azure-ad-b2c/user-migration/blob/master/jit-migration-v2/readme.md and it seems to be what I need. However, it seems to be MORE than I need and I am getting lost in the additional details. I really just want to stop with the sign-in step for the migration. That sample includes a sign-up and password reset flow as well. This post seems close as well: Continue Azure B2C user journey on authentication failure, but it's so sparse that I cannot tell how complete a solution it would be.

So I am trying to figure out just what is needed for the sign-in part of the logic. The sample code in jit-migration-v2 includes 5 XML files. Are all of them needed? Or, better yet, which files in the example would be needed?

It seems there are a LOT of moving parts; I would just like to pare it down to the minimum so I can fully understand what is going on and why.
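The endpoint side of steps 3 to 5, as an added example that is not from the question, from the jit-migration-v2 sample, or from Microsoft's code: a Python stand-in for the REST API that a B2C RestfulProvider technical profile would call. The legacy IdP's credential store, the input claim names `email` and `password`, the output claim `needToMigrate`, and the bearer secret B2C presents are all constructed for this example; the response shapes (200 with claims as JSON keys, 409 with `version`/`status`/`userMessage`) follow B2C's documented REST contract.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the external (legacy) IdP's credential store.
# A real endpoint would call the legacy IdP's own authentication API instead.
_LEGACY_SALT = b"constructed-demo-salt"


def _derive(password: str) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password; stands in for the legacy IdP's hashing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _LEGACY_SALT, 100_000)


_LEGACY_USERS = {  # constructed sample user: email -> password hash
    "alice@example.com": _derive("correct horse battery staple"),
}


def legacy_idp_authenticate(email: str, password: str) -> bool:
    """Step 3: validate the user's credentials against the external IdP."""
    stored = _LEGACY_USERS.get(email.strip().lower())
    candidate = _derive(password)
    # Always compute and compare, so timing does not reveal whether the account exists.
    return stored is not None and hmac.compare_digest(stored, candidate)


# Secret B2C sends in its Authorization header (AuthenticationType=Bearer in the
# RestfulProvider metadata). Assumed value for this example; store it in B2C policy keys.
EXPECTED_BEARER = "constructed-b2c-to-api-secret"


def _error(status: int, message: str) -> tuple[int, dict]:
    # B2C shows userMessage on the page only for HTTP 409; any other non-200
    # status is treated as a technical failure of the validation step.
    return status, {"version": "1.0.0", "status": status, "userMessage": message}


def handle_b2c_request(headers: dict, raw_body: bytes) -> tuple[int, dict]:
    """Entry point an HTTP framework would call; returns (status, json_body).

    B2C posts the technical profile's input claims as a JSON object
    (SendClaimsIn=Body); the claim names used here are assumptions.
    """
    auth = headers.get("Authorization", "")
    if not hmac.compare_digest(auth.encode("utf-8"), f"Bearer {EXPECTED_BEARER}".encode("utf-8")):
        return _error(401, "Unauthorized")
    try:
        body = json.loads(raw_body)
    except ValueError:
        return _error(400, "Malformed request")
    email = body.get("email") if isinstance(body, dict) else None
    password = body.get("password") if isinstance(body, dict) else None
    if not isinstance(email, str) or not isinstance(password, str):
        return _error(400, "email and password are required")

    if not legacy_idp_authenticate(email, password):
        # Step 4: unknown in the legacy IdP (or wrong password). 409 makes B2C
        # surface userMessage on the sign-in page rather than continue the journey.
        return _error(409, "We could not sign you in. Check your details or create a new account.")

    # Step 5: credentials valid; return claims the next orchestration step
    # (the AAD write technical profile) uses to create the local account.
    return 200, {"email": email.strip().lower(), "needToMigrate": True}
```

`handle_b2c_request` is framework-neutral so it can sit behind an Azure Function or any other HTTPS host; the password arrives in the request body, so the endpoint is only ever exposed over TLS and only to B2C, which is why it authenticates the caller before touching the credential store.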

The five files are the standard starter pack.

There are always four flows:

  • Password reset
  • Profile Edit
  • Signup / signin (SUSI)

Plus:

  • Base
  • Extension

You don't need the reset and edit. You don't need to upload them.

You can change SUSI to just do SU or SI via metadata flags.

The SUSI file is just the RP and basically defines the claims returned in the JWT.

It calls a user journey "SignUpOrSignIn" in the base file, so follow that through and you'll see how the flow goes.
