问题描述
从测试中看,似乎只有在将验证技术配置文件"添加到自我评估的技术配置文件"中后,
From testing, it appears Validation Technical Profiles are only used when added to SelfAssserted Technical Profiles
例如以下内容:
<TechnicalProfile Id="ExternalIDP">
<DisplayName>Some External IdP</DisplayName>
<Protocol Name="OpenIdConnect" />
<Metadata>
<!-- ... -->
</Metadata>
<OutputClaims>
<!-- ... -->
</OutputClaims>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="FETCH-MORE-CLAIMS" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
向外部身份提供商进行身份验证后,
似乎没有调用FETCH-MORE-CLAIMS配置文件.
does not appear to call the FETCH-MORE-CLAIMS profile after authenticating to the external identity provider.
这是正确的吗?如果是这样,是否有另一种方法可以在每次调用特定技术资料时始终强制调用第二个技术资料?
Is this correct, and if so, is there another way to always force a second technical profile to be called whenever a particular technical profile is called?
推荐答案
一种可能的方法是设置一个输出声明,该声明指示已完成,然后在此之后进行编排步骤,并对该声明施加条件,然后将您的TP用作索赔交换.
One possible way would be to set an output claim that indicates that was done, and then have an orchestration step after that with a condition on that claim, which then runs your TP as a claims exchange.
因此,输出声明如下:
<OutputClaim ClaimTypeReferenceId="idp" DefaultValue="ThisIdp" AlwaysUseDefaultValue="true" />
如果尚未定义该声明,则需要对其进行定义,或者可以使用已经拥有的另一个声明.
You'd need to define that claim if it isn't already defined, or you can use another one you already have.
<OrchestrationStep Order="2" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idp</Value>
<Value>ThisIdp</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="FetchMoreClaimsExchange" TechnicalProfileReferenceId="FETCH-MORE-CLAIMS" />
</ClaimsExchanges>
</OrchestrationStep>
如果idp!= ThisIdp,则将跳过此编排步骤,因此只有在使用了外部idp时,该编排步骤才会运行.
This orchestration step is skipped if idp != ThisIdp, so it would only run if your external idp was used.
这篇关于非自声明技术配置文件的Azure AD B2C验证配置文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!