
Azure AD B2C custom policy: bypass or skip the orchestration flow for a specific phone number

We are using the Azure AD B2C phone number OTP authentication flow, and we need to run automated tests, so we need to skip the OTP verification step. Below is the code of the B2C_1A_PH_SUSI file.

<UserJourney Id="PhoneSignInUp">
  <OrchestrationSteps>
    <!--
       Ask the user for the phone number. 
       The ValidationTechnicalProfile tries to read the user from the directory using the phone number
    -->
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SignIn" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Username" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- 
      Verify the phone number via SMS or Callback
     -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>isActiveMFASession</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify-PhoneLogon" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- 
      If the user didn't exist previously, create the object in the directory
    -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserWriteUser" TechnicalProfileReferenceId="AAD-UserWriteUsingPhoneNumber" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!--
      return the JWT token
    -->
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>

Presumably, for the automated tests, you are using ROPC to sign in the user?

In that case, add a precondition around PhoneFactor that checks for the ROPC user and skips that step.

Just give the user a "weird" sign-in name - lots of q/z/x etc. :-) Hard to guess, for security.

I found a way to bypass the OTP by adding a precondition block with <Value>+91xxxxxxxx</Value>

    <!-- 
      Verify the phone number via SMS or Callback
    -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>isActiveMFASession</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
          <Value>signinnames.phoneNumber</Value>
          <Value>+91xxxxxxxx</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify-PhoneLogon" />
      </ClaimsExchanges>
    </OrchestrationStep>
