Azure B2C: Custom claim isn't written into AAD via custom policy


I seem to have hit a wall writing a custom claim into Azure Active Directory (AAD). I'm trying to write the organization into AAD, but when I query the user through the Graph API I don't see any trace of the organization data. I'm wondering whether there is something wrong with the way I'm trying to write the data, or whether there is a technical detail I'm not aware of that causes this?

This is the custom claim I want to save to AAD.

      <ClaimType Id="extension_organization">
        <DisplayName>Organization Name</DisplayName>
        <DataType>string</DataType>
        <UserHelpText>Name of admin's organization.</UserHelpText>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>

And here is where I write the claim (this is more or less what you see in the samples):

        <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
          <Metadata>
            <Item Key="Operation">Write</Item>
            <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
          </Metadata>
          <IncludeInSso>false</IncludeInSso>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" /> 
          </InputClaims>
          <PersistedClaims>
            <!-- Required claims -->
            <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
            <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
            <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
            <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
  
            <!-- Optional claims. -->
            <PersistedClaim ClaimTypeReferenceId="givenName" />
            <PersistedClaim ClaimTypeReferenceId="surname" />
            <PersistedClaim ClaimTypeReferenceId="extension_organization" /> 
          </PersistedClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" />
            <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
            <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
            <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
            <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
          </OutputClaims>
          <IncludeTechnicalProfile ReferenceId="AAD-Common" />
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
        </TechnicalProfile>

Interestingly, it seems that even the email isn't visible.

When querying the Graph API for custom/extension attributes, you need to make sure the select uses the following syntax for the extension attribute:

extension_{b2cExtensionsAppId}_organization

where {b2cExtensionsAppId} is the Application/Client ID of the auto-generated application in the B2C tenant:

b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.

Edit - remove the dashes (-) from the extension Application/Client ID:

79af1ae0-cacb-401a-9a42-1f2178adc0ef becomes 79af1ae0cacb401a9a421f2178adc0ef.

Example: b2c_79af1ae0cacb401a9a421f2178adc0ef_organization
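To make the naming rule concrete, here is an added Python example (not part of the question or the answer) that builds the Graph attribute name in the extension_{b2cExtensionsAppId}_organization form from the b2c-extensions-app client ID quoted above, assembles the $select query, and reads the value back out of a Graph user object. The user object ID and the response body are constructed sample values.

```python
import uuid
from typing import Dict, Optional

# Client ID of the auto-generated "b2c-extensions-app", taken from the answer above.
B2C_EXTENSIONS_APP_ID = "79af1ae0-cacb-401a-9a42-1f2178adc0ef"
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"


def extension_attribute_name(extensions_app_id: str, attribute: str) -> str:
    """Map a policy claim such as extension_organization to its Graph name.

    Graph stores B2C custom attributes as extension_<appId without dashes>_<name>;
    uuid.UUID validates the ID and .hex yields the 32-character dash-less form,
    so both the dashed and the dash-less client ID are accepted.
    """
    if not attribute.isalnum():
        raise ValueError(f"unexpected attribute name: {attribute!r}")
    return f"extension_{uuid.UUID(extensions_app_id).hex}_{attribute}"


def select_url(extensions_app_id: str, user_object_id: str, *attributes: str) -> str:
    """Build GET /users/{id}?$select=... so Graph returns the custom attributes.

    Extension attributes are only returned when named explicitly in $select.
    """
    fields = ["id", "displayName"] + [
        extension_attribute_name(extensions_app_id, a) for a in attributes
    ]
    return f"{GRAPH_USERS}/{uuid.UUID(user_object_id)}?$select={','.join(fields)}"


def read_extension(user: Dict[str, object], extensions_app_id: str, attribute: str) -> Optional[object]:
    """Return the custom attribute from a Graph user object, or None if absent."""
    return user.get(extension_attribute_name(extensions_app_id, attribute))


# Constructed sample Graph response for a user whose organization was persisted.
SAMPLE_USER = {
    "id": "11111111-2222-3333-4444-555555555555",
    "displayName": "unknown",
    "extension_79af1ae0cacb401a9a421f2178adc0ef_organization": "Contoso",
}
```

If read_extension returns None for a user created through the policy, the attribute was either not persisted or not named in $select, which is the symptom described in the question.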