0

我正在尝试使用自定义策略将 Azure B2C 与 SAML2 身份提供程序连接起来。我已经按照教程进行操作,问题是我需要使用特定值设置 ProviderName 属性,并且由于某种原因 B2C 不发送它。

有人遇到过这种情况吗?

这是我的技术配置文件定义。

   <ClaimsProvider> 
  <Domain>thedomain</Domain>
  <DisplayName>CustomIDP</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="CustomIDP">
      <DisplayName>CustomIDP</DisplayName> 
      <Protocol Name="SAML2"/> 
      <Metadata>  
        <Item Key="XmlSignatureAlgorithm">Sha512</Item> 
        <Item Key="ForceAuthN">true</Item>     

        <Item Key="PartnerEntity">
          <![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
                  <EntityDescriptor    entityID="https://fooidp/Serviceblablabla" 
                                    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">    
                    <IDPSSODescriptor   WantAuthnRequestsSigned="true"
                                      WantAssertionsSigned="true"
                                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">         
                      
                      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>

                      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                          Location="https://fooidp/Serviceblablabla" />
                    </IDPSSODescriptor>
                  </EntityDescriptor>
          ]]>
        </Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SelfSAMLSigningCert"/> 
      </CryptographicKeys>
      <InputClaims> 
        <InputClaim ClaimTypeReferenceId="ProviderName" DefaultValue="someImportantValue" AlwaysUseDefaultValue="true" /> 
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="assertionSubjectName" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="first_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="last_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="http://schemas.microsoft.com/identity/claims/displayname" />
        <OutputClaim ClaimTypeReferenceId="email" /> 
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <!--<OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
      </OutputClaimsTransformations>-->
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp"/>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

这是我收到的请求的一部分,根本没有 ProviderName

<samlp:AuthnRequest 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
ID="some random id" 
Version="2.0" 
IssueInstant="2021-10-19T08:10:50.1611186Z" 
Destination="https://fooidp/Serviceblablabla" 
ForceAuthn="true" 
IsPassive="false" 
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
AssertionConsumerServiceURL="b2c assertion blabla" 
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer  ......

提前致谢。

4

1 回答 1

0

现在支持 ProviderName。您可以通过添加 ProviderName 元数据项向外部 IDP 发送 ProviderName 值,如下所示 - https://docs.microsoft.com/en-gb/azure/active-directory-b2c/saml-identity-provider-technical-个人资料#元数据

于 2022-01-12T23:24:12.580 回答