自定义策略Azure AD B2C发行,并阅读Azure AD用户的价值员工ID
我需要帮助来解决我遇到的问题,我们需要创建一个我们已经创建的自定义策略,但是我们需要阅读Azure AD中用户员工的价值,以便当您第一次签名时,以该值注册在B2C中。我放了图像来理解它:
Azure AD:
但是,当我登录时,Azure AD B2C中的用户没有员工:
我在自定义策略中定义了索赔:
<ClaimType Id="extension_employeeid">
<DisplayName>EmployeeId</DisplayName>
<DataType>string</DataType>
<DefaultPartnerClaimTypes>
<Protocol Name="OAuth2" PartnerClaimType="employeeid" />
<Protocol Name="OpenIdConnect" PartnerClaimType="employeeid" />
<Protocol Name="SAML2" PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid" />
</DefaultPartnerClaimTypes>
<UserHelpText>Your EmployeeId. </UserHelpText>
<!--<UserInputType>Readonly</UserInputType>-->
<UserInputType>TextBox</UserInputType>
</ClaimType>
但是返回的员工的价值是空的。 我如何解决?
I need help to solve a problem I have, we need to create a custom policy, which we already have created, but we need to read the value of the user's employeeid in Azure AD, so that when you sign in the first time, this is registered in B2C with that value. I put images to understand it:
Azure AD:
but when I sign in, the user in Azure AD B2C doesn't have the employeeid:
I defined in the custom policy the claim:
<ClaimType Id="extension_employeeid">
<DisplayName>EmployeeId</DisplayName>
<DataType>string</DataType>
<DefaultPartnerClaimTypes>
<Protocol Name="OAuth2" PartnerClaimType="employeeid" />
<Protocol Name="OpenIdConnect" PartnerClaimType="employeeid" />
<Protocol Name="SAML2" PartnerClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid" />
</DefaultPartnerClaimTypes>
<UserHelpText>Your EmployeeId. </UserHelpText>
<!--<UserInputType>Readonly</UserInputType>-->
<UserInputType>TextBox</UserInputType>
</ClaimType>
but the value of employeeid that is returned is empty.
How I can fix it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
请检查获得内置属性的扩展属性,而员工ID是标识符属性。
使用PersistedClaims将数据写入用户配置文件IE;在联邦帐户的首次登录流程和输出批准中写入数据,以在相应的Active Directory技术配置文件中从用户配置文件中读取数据。
在您的trustframeworkextensions文件中,
用户使用本地帐户进行身份验证后。
如果SAML发送索赔“员工”比映射为“员工”
,或者尝试使用伙伴ClaimType作为Extension_Employeenumber输出的技术配置文件
,请参见 azure ad b2c:具有自定义政策的自定义主张-Microsoft Q&amp; a
确保启用启用自定义策略中的扩展属性,
在AAD-Common中提供应用程序ID和应用程序对象ID
技术资料元数据
Azure Active Directory
请参见:应用程序属性
参考文献:
Please check the User profile attributes in AAD B2C to get extension attributes for builtin attributes and employeeId is identifier attributes.
Use PersistedClaims to write data to the user profile i.e.; Write data during a federated account first-time sign-in flow and OutputClaims to read data from the user profile within the respective Active Directory technical profiles.
In your trustframeworkextensions file
after user authenticates with a local account.
If SAML is sending a claim "employeeId" than the mapping is
Or try Technical Profile to output with PartnerClaimType as extension_employeeNumber
Also see Azure AD B2C: Custom claims with custom policies - Microsoft Q&A
Make sure to enable extension attributes in the custom policy,
provide Application ID and Application Object ID in the AAD-Common
technical profile metadata
Azure Active Directory
See: application properties
References: