我如何在 B2C 上检索 extensionProperty?
How I retrieve a extensionProperty on B2C?
我们正在尝试使用 B2E 可选声明……我们按照此文档和此文档在 B2E 上创建扩展声明,而不是用一些值填充它……并在 Token Conf/Manifest 上启用它。我们还使用 PartnerClaimType 设置了 de XML,但我们无法收到来自 B2E 的索赔。为什么我们无法收到索赔,您有什么建议或想法吗?
默认声明工作正常,但可选……我们至少花了 2 天时间进行大量测试……=(
Extension Claim
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('XXX9f805-40cb-41af-80ae-c63201919XXX')/extensionProperties",
"value": [
{
"id": "XXX707f9-8cdb-4cfa-996e-59da8512fXXX",
"deletedDateTime": null,
"appDisplayName": "",
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"dataType": "String",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}
]
}
Populated claim from and User
{ "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil": "tempinfo",
}
B2E App Manifest
"saml2Token": [
{
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"source": "user",
"essential": false,
"additionalProperties": []
}
]
OpenId ClaimProvider
观察:我们还尝试了“extension_perfil”和“extn.perfil”
参考文献:
https://docs.microsoft.com/en-us/graph/api/resources/extensionproperty?view=graph-rest-1.0
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
在技术资料中OIDC-ViaVarejo更改
<OutputClaim ClaimTypeReferenceId="extension_perfil" />
到
<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />
您的声明定义应如下所示,因为 AAD 正在返回一个数组:
<ClaimType Id="extension_perfil">
<DisplayName>extension_perfil</DisplayName>
<DataType>stringCollection</DataType>
<UserHelpText>extension_perfil</UserHelpText>
</ClaimType>
如果你想在文本框中将值显示到屏幕上,你需要 convert 将 stringCollection 转换为 string(它只会获得第一个值):
<ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
</OutputClaims>
</ClaimsTransformation>
定义声明perfil
<ClaimType Id="perfil">
<DisplayName>perfil</DisplayName>
<DataType>string</DataType>
<UserHelpText>extension_perfil</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
然后修改SelfAsserted-AADVV-PersonalData:
...
</CryptographicKeys>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="ExtractPerfil" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="Step" DefaultValue="SelfAsserted-AADVV-PersonalData" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="displayName" />
<InputClaim ClaimTypeReferenceId="email" />
<InputClaim ClaimTypeReferenceId="perfil" />
<InputClaim ClaimTypeReferenceId="extension_DataNasc" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="Step" />
<OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
<OutputClaim ClaimTypeReferenceId="perfil" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_DataNasc" Required="true" />
<OutputClaim ClaimTypeReferenceId="DDIBrasil" DefaultValue="+55" AlwaysUseDefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="extension_Celular" Required="true" />
</OutputClaims>
...
我们正在尝试使用 B2E 可选声明……我们按照此文档和此文档在 B2E 上创建扩展声明,而不是用一些值填充它……并在 Token Conf/Manifest 上启用它。我们还使用 PartnerClaimType 设置了 de XML,但我们无法收到来自 B2E 的索赔。为什么我们无法收到索赔,您有什么建议或想法吗?
默认声明工作正常,但可选……我们至少花了 2 天时间进行大量测试……=(
Extension Claim
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('XXX9f805-40cb-41af-80ae-c63201919XXX')/extensionProperties",
"value": [
{
"id": "XXX707f9-8cdb-4cfa-996e-59da8512fXXX",
"deletedDateTime": null,
"appDisplayName": "",
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"dataType": "String",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}
]
}
Populated claim from and User
{ "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil": "tempinfo",
}
B2E App Manifest
"saml2Token": [
{
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"source": "user",
"essential": false,
"additionalProperties": []
}
]
OpenId ClaimProvider
观察:我们还尝试了“extension_perfil”和“extn.perfil”
参考文献:
https://docs.microsoft.com/en-us/graph/api/resources/extensionproperty?view=graph-rest-1.0
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
在技术资料中OIDC-ViaVarejo更改
<OutputClaim ClaimTypeReferenceId="extension_perfil" />
到
<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />
您的声明定义应如下所示,因为 AAD 正在返回一个数组:
<ClaimType Id="extension_perfil">
<DisplayName>extension_perfil</DisplayName>
<DataType>stringCollection</DataType>
<UserHelpText>extension_perfil</UserHelpText>
</ClaimType>
如果你想在文本框中将值显示到屏幕上,你需要 convert 将 stringCollection 转换为 string(它只会获得第一个值):
<ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
</OutputClaims>
</ClaimsTransformation>
定义声明perfil
<ClaimType Id="perfil">
<DisplayName>perfil</DisplayName>
<DataType>string</DataType>
<UserHelpText>extension_perfil</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
然后修改SelfAsserted-AADVV-PersonalData:
...
</CryptographicKeys>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="ExtractPerfil" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="Step" DefaultValue="SelfAsserted-AADVV-PersonalData" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="displayName" />
<InputClaim ClaimTypeReferenceId="email" />
<InputClaim ClaimTypeReferenceId="perfil" />
<InputClaim ClaimTypeReferenceId="extension_DataNasc" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="Step" />
<OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
<OutputClaim ClaimTypeReferenceId="perfil" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_DataNasc" Required="true" />
<OutputClaim ClaimTypeReferenceId="DDIBrasil" DefaultValue="+55" AlwaysUseDefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="extension_Celular" Required="true" />
</OutputClaims>
...