
Azure AD B2C custom policy - send query string parameter to 3rd party

I am working on a B2C case that involves integration with a 3rd party identity provider using OpenIdConnect.

This third party expects a specific query string parameter to be sent one or more times:

example.com/oidc/authorize?...&login_hint=ABCvalue&login_hint=XYZvalue

I have an OpenIdConnect Technical Profile with the required input claims:

<TechnicalProfile Id="Example-Swe">
  <DisplayName>Example Sverige</DisplayName>
  <Description>Login with Example</Description>
  <Protocol Name="OpenIdConnect"/>
  <OutputTokenFormat>JWT</OutputTokenFormat>
  <Metadata>
    <Item Key="client_id">preprod.Example</Item>
    <Item Key="METADATA">https://example.com/oidc/.well-known/openid-configuration</Item>
    <Item Key="response_types">code</Item>
    <Item Key="scope">openid phone profile example.national_id offline_access</Item>
    <Item Key="response_mode">query</Item>
    <Item Key="HttpBinding">POST</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="client_secret" StorageReferenceId="B2C_1A_ExampleSecretNO1"/>
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="acr_values" DefaultValue="urn:example:oidc:method:sbid"/>
    <InputClaim ClaimTypeReferenceId="example_profile" DefaultValue="example-id" />
    <InputClaim ClaimTypeReferenceId="ui_locales" DefaultValue="sv" />
    <InputClaim ClaimTypeReferenceId="claimABC" PartnerClaimType="login_hint" />
    <InputClaim ClaimTypeReferenceId="claimXYZ" PartnerClaimType="login_hint" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="access_token" PartnerClaimType="{oauth2:access_token}" />
    <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="SigBidSwe" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="Example-BID-Swe" />
    <OutputClaim ClaimTypeReferenceId="countryCode" DefaultValue="SE" AlwaysUseDefaultValue="true" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD"/>
</TechnicalProfile>

but having two claims with the same PartnerClaimType does not work: B2C throws an exception.

Is it possible to achieve this somehow?

Can't be done today with Azure B2C custom policies, and the third party is also not following the spec.

Duplicate query parameters violate the OAuth specification:

  1. Parameters

OAuth Protocol Parameter names and values are case sensitive. Each OAuth Protocol Parameters MUST NOT appear more than once per request, and are REQUIRED unless otherwise noted.

https://oauth.net/core/1.0a/
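To make the spec point concrete, here is an added example (not code from the question, the answer, or Azure AD B2C): a small Python check that flags repeated query parameters in an authorization request, the same rule that makes the doubled login_hint above non-compliant (RFC 6749 section 3.1 states it for OAuth 2.0 as well). The sample URL and the parameter values are constructed for the demonstration.

```python
"""Detect repeated parameters in an OAuth/OIDC authorization request URL.

Added example, not part of the original post. Both OAuth 1.0a and RFC 6749
section 3.1 say a request parameter must not appear more than once, so a
validator (or a relying party library) is entitled to reject such a request.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample modelled on the request shape in the question.
SAMPLE_URL = (
    "https://example.com/oidc/authorize"
    "?client_id=preprod.Example&response_type=code"
    "&scope=openid+phone+profile"
    "&login_hint=ABCvalue&login_hint=XYZvalue"
)


def find_duplicate_params(url: str) -> dict[str, list[str]]:
    """Return {name: [values...]} for every query parameter present more than once."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    seen: dict[str, list[str]] = {}
    for name, value in pairs:
        seen.setdefault(name, []).append(value)
    return {name: values for name, values in seen.items() if len(values) > 1}


def is_spec_compliant(url: str) -> bool:
    """True when no parameter is repeated (the MUST NOT rule quoted above)."""
    return not find_duplicate_params(url)


def build_authorize_url(base: str, params: dict[str, str]) -> str:
    """Build a request in which each parameter appears exactly once.

    Using a dict makes duplicates impossible by construction; multi-valued
    parameters such as scope are carried as one space-delimited value, the
    same encoding the B2C profile above uses for its scope item.
    """
    scheme, netloc, path, _, fragment = urlsplit(base)
    return urlunsplit((scheme, netloc, path, urlencode(params), fragment))


if __name__ == "__main__":
    print(find_duplicate_params(SAMPLE_URL))  # {'login_hint': ['ABCvalue', 'XYZvalue']}
    print(is_spec_compliant(SAMPLE_URL))      # False
```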
