堆栈内存溢出
  简体   繁体   English

Azure Active Directory B2C:如何查询 MS Graph 以获得用户的备用安全 ID?

[英]Azure Active Directory B2C: How to query MS Graph to get a user's alternative security ID?

 原文  2022-02-11 16:48:44       azure-active-directory/ azure-ad-b2c/ azure-ad-b2c-custom-policy/ aad-b2c

问题描述

B2C uses an alternative security ID to uniquely identify users from social accounts. B2C 使用备用安全 ID 来唯一标识来自社交帐户的用户。 We have a problem where a user enters credentials for a user, but somehow B2C authenticates the user as someone else.我们遇到一个问题,用户输入用户的凭据,但 B2C 以某种方式将用户身份验证为其他人。 I suspect the IDP is returning bad claims data or the alternative security IDs are the same.我怀疑 IDP 正在返回错误的声明数据或替代安全 ID 相同。 How do I view the alternative security ID of a user in Active Directory?如何在 Active Directory 中查看用户的备用安全 ID?

I tried the following MS Graph query trying all the attributes I can think of (including the ones listed in this article ), but graph doesn't return data for these attributes.我尝试了以下 MS Graph 查询,尝试了我能想到的所有属性(包括本文中列出的属性),但图形不返回这些属性的数据。

https://graph.microsoft.com/v1.0/users/<userId>?$select=id,alternativeSecurityId,alternativeSecurityIds,extension_<b2cExtensionAppId>_alternativeSecurityId,extension_<b2cExtensionAppId>_alternativeSecurityIds

Thanks in advance!提前致谢!

1 个解决方案

解决方案1
 2 已采纳  2022-02-11 17:07:00

AlternativeSecurityId for a B2C user is found in the Identities collection via MS Graph API. B2C 用户的 AlternativeSecurityId 可通过 MS Graph API 在身份集合中找到。

The AlternativeSecurityId claim used in the B2C policy maps to the Identities: issuerAssignedId value for the corresponding issuer. B2C 策略中使用的 AlternativeSecurityId 声明映射到 Identities: issuerAssignedId 相应发行者的值。

Eg, for issuerAssignedId: 123 (id from google token) from issuer: google.com例如,对于 issuerAssignedId:123(来自 google 令牌的 id)来自 issuer:google.com

  "identities": [
    {
      "signInType": "federated",
      "issuer": "google.com",
      "issuerAssignedId": "123"
    }
  ],

You can return the identities collection by calling the /users endpoint of MS Graph API. https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http您可以通过调用 MS Graph API 的 /users 端点返回身份集合。 https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我们可以在单个应用程序中使用 Azure Active Directory(AAD) B2B 和 B2C 吗??? 用于 Microsoft Intune 访问的 B2B 和用于用户登录/注册的 B2C - Could we use Azure Active Directory(AAD) B2B and B2C in single application??? B2B for Microsoft Intune access and B2C for user login/signup 在 Azure Active Directory B2C 的用户流中使用 API 连接器读取用户 IP 地址 - Reading user IP address with API Connector in User Flows in Azure Active Directory B2C 如何使用用户委托 SAS 或 Azure RBAC 为 azure 活动目录 B2C 用户(自定义域)授予存储帐户容器权限? - How use User Delegation SAS Or Azure RBAC to grant permissions on storage account containers for azure active directory B2C users (Custom Domain)? 如何使用 MS graph API 获取 azure 广告 b2c 用户的身份验证方法或 MFA 电话号码 - How to fetch authentication methods or MFA phone number of azure ad b2c users using MS graph API 如何通过 Microsoft Graph Azure AD B2C 自定义用户属性进行交互 PowerShell SDK? - How to interact with Azure AD B2C custom User Attributes via Microsoft Graph PowerShell SDK? Azure B2C ROPC替代品 - Azure B2C ROPC alternative Azure Active Directory:如何通过授权代码流 (MSAL) 获取用户的 object id? - Azure Active Directory: how to get user's object id via auth code flow (MSAL)? springboot oauth2 客户端 azure 活动目录 b2c issuer-uri 问题 - springboot oauth2 client azure active directory b2c issuer-uri problem Azure Active Directory B2C with Azure Front door auth response uses wrong domain - Azure Active Directory B2C with Azure Front door auth response uses wrong domain 使用图 SDK 将角色添加到 Azure AD B2C 中的现有用户 - Add Role to Existing User in Azure AD B2C using Graph SDK
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM