
We are trying to use B2E optional claims... We followed this document and this one to create an extension claim in B2E and then populate it with some values... and enabled it in the Token Conf/Manifest. We also set up the XML with PartnerClaimType, but we cannot receive the claim from B2E. Do you have any tips or ideas why we can't receive the claim?

The default claims work fine, but the optional ones don't... We spent at least 2 days doing lots of tests... =(

Extension Claim
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('XXX9f805-40cb-41af-80ae-c63201919XXX')/extensionProperties",
  "value": [
    {
      "id": "XXX707f9-8cdb-4cfa-996e-59da8512fXXX",
      "deletedDateTime": null,
      "appDisplayName": "",
      "name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
      "dataType": "String",
      "isSyncedFromOnPremises": false,
      "targetObjects": ["User"]
    }
  ]
}

Populated claim from a User

{
  "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil": "tempinfo"
}

B2E App Manifest
"saml2Token": [
  {
    "name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
    "source": "user",
    "essential": false,
    "additionalProperties": []
  }
]

OpenId ClaimProvider

Observation: we also tried "extension_perfil" and "extn.perfil"

References:

https://docs.microsoft.com/en-us/graph/api/resources/extensionproperty?view=graph-rest-1.0

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims


1 Answer

In the technical profile OIDC-ViaVarejo, change

<OutputClaim ClaimTypeReferenceId="extension_perfil" />

to

<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />

Since AAD returns an array, your claim definition should look like this:

<ClaimType Id="extension_perfil">
  <DisplayName>extension_perfil</DisplayName>
  <DataType>stringCollection</DataType>
  <UserHelpText>extension_perfil</UserHelpText>
</ClaimType>

If you want to display the value on screen in a text box, you need to convert the stringCollection to a string (it only takes the first value):

<ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
  </OutputClaims>
</ClaimsTransformation>

Define the claim perfil

<ClaimType Id="perfil">
  <DisplayName>perfil</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>extension_perfil</UserHelpText>
  <UserInputType>TextBox</UserInputType>
</ClaimType>

Then modify SelfAsserted-AADVV-PersonalData

...
    </CryptographicKeys>
    <InputClaimsTransformations>
      <InputClaimsTransformation ReferenceId="ExtractPerfil" />
    </InputClaimsTransformations>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="Step" DefaultValue="SelfAsserted-AADVV-PersonalData" AlwaysUseDefaultValue="true" />
      <InputClaim ClaimTypeReferenceId="displayName" />
      <InputClaim ClaimTypeReferenceId="email" />
      <InputClaim ClaimTypeReferenceId="perfil" />
      <InputClaim ClaimTypeReferenceId="extension_DataNasc" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="Step" />
      <OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
      <OutputClaim ClaimTypeReferenceId="email" Required="true" />
      <OutputClaim ClaimTypeReferenceId="perfil" Required="true" />
      <OutputClaim ClaimTypeReferenceId="extension_DataNasc" Required="true" />
      <OutputClaim ClaimTypeReferenceId="DDIBrasil" DefaultValue="+55" AlwaysUseDefaultValue="true" />
      <OutputClaim ClaimTypeReferenceId="extension_Celular" Required="true" />
    </OutputClaims>
...
answered 2020-10-13T17:24:34.037
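The two things the answer changes, the PartnerClaimType name and the DataType, are exactly the two things you can check offline before spending days on test runs: decode the id_token the OIDC claims provider actually returned and compare its claim names and JSON types against the OutputClaims of the technical profile. The script below is an added example written for this page, not code from the question or the answer. It constructs a sample id_token whose payload carries `extn.perfil` as an array (the shape the answer says AAD returns), builds a minimal policy fragment around the `OIDC-ViaVarejo` profile, and reports name and type mismatches. The policy namespace, the placeholder issuer/audience GUIDs and the signature segment are assumptions for the sample; the payload is decoded without signature verification, so use this only to inspect what the provider sent, never to make an authorization decision.

```python
"""Cross-check an OIDC id_token's claims against a B2C custom-policy technical profile.

Added example (not from the original post). Decodes the JWT payload WITHOUT verifying
the signature: fine for diagnosing missing claims, never for trusting them.
"""
import base64
import json
import xml.etree.ElementTree as ET

# Default namespace of Azure AD B2C TrustFrameworkPolicy files (assumed for the sample).
NS = {"tp": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}


def decode_jwt_payload(token: str) -> dict:
    """Return the payload of a compact JWS as a dict. No signature check (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def expected_datatype(value) -> str:
    """Map a JSON claim value to the B2C ClaimType DataType that can hold it."""
    if isinstance(value, list):
        return "stringCollection"
    if isinstance(value, bool):  # bool before int: bool is a subclass of int
        return "boolean"
    if isinstance(value, int):
        return "int"
    return "string"


def check_policy_against_token(policy_xml: str, technical_profile_id: str, claims: dict) -> list:
    """List mismatches between a technical profile's OutputClaims and the token's claims."""
    root = ET.fromstring(policy_xml)
    datatypes = {}
    for ct in root.iterfind(".//tp:ClaimType", NS):
        dt = ct.find("tp:DataType", NS)
        datatypes[ct.get("Id")] = dt.text if dt is not None else None

    findings = []
    for tp in root.iterfind(".//tp:TechnicalProfile", NS):
        if tp.get("Id") != technical_profile_id:
            continue
        for oc in tp.iterfind("tp:OutputClaims/tp:OutputClaim", NS):
            cid = oc.get("ClaimTypeReferenceId")
            # Without PartnerClaimType, B2C looks for a token claim with the same name as the ClaimType.
            partner = oc.get("PartnerClaimType", cid)
            if partner not in claims:
                findings.append(f"{cid}: the token carries no claim named '{partner}'")
                continue
            want, have = expected_datatype(claims[partner]), datatypes.get(cid)
            if have != want:
                findings.append(
                    f"{cid}: token value is a JSON {type(claims[partner]).__name__}, "
                    f"but ClaimType DataType is '{have}' (expected '{want}')"
                )
    return findings


def _b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample id_token: the extension attribute comes back as "extn.perfil", as an array.
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT", "kid": "constructed"}),
    _b64url({
        "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
        "aud": "00000000-0000-0000-0000-000000000000",
        "sub": "constructed-subject",
        "name": "Sample User",
        "email": "sample.user@example.com",
        "extn.perfil": ["tempinfo"],
    }),
    "c2lnbmF0dXJlLXBsYWNlaG9sZGVy",  # signature placeholder, never verified here
])

BROKEN = '<OutputClaim ClaimTypeReferenceId="extension_perfil" />'
MAPPED = '<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />'


def sample_policy(output_claim: str, datatype: str) -> str:
    """Minimal policy fragment around the OIDC-ViaVarejo profile (constructed for the example)."""
    return f"""<TrustFrameworkPolicy xmlns="{NS['tp']}">
  <BuildingBlocks><ClaimsSchema>
    <ClaimType Id="extension_perfil"><DisplayName>extension_perfil</DisplayName><DataType>{datatype}</DataType></ClaimType>
  </ClaimsSchema></BuildingBlocks>
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="OIDC-ViaVarejo"><OutputClaims>{output_claim}</OutputClaims></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""


def findings_for(output_claim: str, datatype: str) -> list:
    claims = decode_jwt_payload(SAMPLE_ID_TOKEN)
    return check_policy_against_token(sample_policy(output_claim, datatype), "OIDC-ViaVarejo", claims)


if __name__ == "__main__":
    for label, oc, dt in [("as posted", BROKEN, "string"),
                          ("PartnerClaimType only", MAPPED, "string"),
                          ("answer applied", MAPPED, "stringCollection")]:
        print(f"{label}: {findings_for(oc, dt) or 'OK'}")
```

Point `decode_jwt_payload` at a real id_token captured from the browser or from a policy run with Application Insights logging, and `check_policy_against_token` at your TrustFrameworkExtensions file, to see which of the two mismatches you have before editing the policy.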