我代表一位移动/网络开发人员问这个问题,我在 AD B2C 中创建了一些自定义策略。现在开发人员正在尝试将其与应用程序集成。出于某种原因,我使用过:
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.2.0
</DataUri>
作为登录技术配置文件的数据 uri。内容定义为:
<ContentDefinition Id="api.localaccount.login">
<LoadUri>my custom html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.2.0</DataUri>
<Metadata>
<Item Key="DisplayName">Local Account Login</Item>
</Metadata>
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="signin_en" />
<LocalizedResourcesReference Language="es" LocalizedResourcesReferenceId="signin_es" />
</LocalizedResourcesReferences>
</ContentDefinition>
登录TP:
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-CustomUserName-WithoutSignup">
<DisplayName>Local Account Signin UserName</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="setting.operatingMode">Username</Item>
<Item Key="setting.retryLimit">11</Item>
<Item Key="ContentDefinitionReferenceId">api.localaccount.login</Item>
<Item Key="UserMessageIfUserAccountDisabled">You account locked.</Item>
<Item Key="UserMessageIfUserAccountLocked">You've made too many incorrect attempts. Please try again later.</Item>
<Item Key="setting.showCancelButton">false</Item>
<Item Key="language.button_continue">LOG IN</Item>
<Item Key="ServiceThrottled">There are too many requests at this moment. Please wait for some time and try again.</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="signInName" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
<OutputClaim ClaimTypeReferenceId="password" Required="true" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" />
<OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="false" />
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="CheckUserExist" />
<ValidationTechnicalProfile ReferenceId="SendOTP" />
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
我的用户旅程如下:
<UserJourneys>
<UserJourney Id="OnBoarding">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-CustomUserName-WithoutSignup" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="B2CUserProfileUpdateExchange" TechnicalProfileReferenceId="SelfAsserted-AccountValueUpdate" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="5" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadUserWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="6" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
</UserJourneys>
策略工作正常,当他尝试将其与回复方应用程序集成时,在调用用户注册配置文件更新旅程(在用户旅程上方)之后,但它再次显示登录屏幕。注册后如何绕过登录?这是我们需要政策的东西吗?
编辑:
我正在使用单独的策略进行登录和注册。登录过程按预期工作后,但在注册后登录屏幕出现。