Problem description
I'm using custom policies and I saw that the field "emails" exists in built-in policies but doesn't exist in custom policies. There is a claim named otherMails instead.
- I want to return an emails claim in my tokens with a list of user emails.
- I want that claim on my signup/sign-in and password reset policies.
I'm using the custom policies in the starter pack. But I don't know which TechnicalProfiles I should change. I tried a few things but it doesn't work.
Thanks in advance!
Recommended answer
When writing a local account: You must create the "otherMails" claim from the "email" claim using the "CreateOtherMailsFromEmail" claims transformation and then persist the "otherMails" claim in the "AAD-UserWriteUsingLogonEmail" technical profile:
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  ...
  <IncludeInSso>false</IncludeInSso>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CreateOtherMailsFromEmail" />
  </InputClaimsTransformations>
  <InputClaims>
    ...
  </InputClaims>
  <PersistedClaims>
    ...
    <PersistedClaim ClaimTypeReferenceId="otherMails" />
  </PersistedClaims>
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
  ...
</TechnicalProfile>
You must then pass the "otherMails" claim out from the "LocalAccountSignUpWithLogonEmail" technical profile that is invoked to register a local account:
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
When writing a social account: The "otherMails" claim is already created from the "email" claim and then persisted in the "AAD-UserWriteUsingAlternativeSecurityId" technical profile.
You must then pass the "otherMails" claim out from the "SelfAsserted-Social" technical profile that is invoked to register a social account:
<TechnicalProfile Id="SelfAsserted-Social">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
When reading a local or social account: The "otherMails" claim is already read in the "AAD-UserReadUsingObjectId", "AAD-UserReadUsingEmailAddress", and "AAD-UserReadUsingAlternativeSecurityId" technical profiles.
You must then pass the "otherMails" claim out from the "LocalAccountDiscoveryUsingEmailAddress" technical profile that is invoked to recover a local password:
<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  ...
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="otherMails" />
  </OutputClaims>
</TechnicalProfile>
To issue the "otherMails" claim as "emails" from the sign-up/sign-in and password reset policies: You must add the "otherMails" claim as <OutputClaim /> to the relying party policies:
<RelyingParty>
  ...
  <TechnicalProfile Id="PolicyProfile">
    <OutputClaims>
      ...
      <OutputClaim ClaimTypeReferenceId="otherMails" PartnerClaimType="emails" />
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>
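A small checker for the steps in the answer above, added here as an example (it is not part of the original answer or of the starter pack): it parses policy XML and reports which of the listed entries are missing. The function names and the sample policy are constructed for illustration, and inheritance through IncludeTechnicalProfile is not resolved.

```python
import xml.etree.ElementTree as ET

# Steps from the answer: (technical profile Id, section, referenced id).
REQUIRED = [
    ("AAD-UserWriteUsingLogonEmail", "InputClaimsTransformations", "CreateOtherMailsFromEmail"),
    ("AAD-UserWriteUsingLogonEmail", "PersistedClaims", "otherMails"),
    ("AAD-UserWriteUsingLogonEmail", "OutputClaims", "otherMails"),
    ("LocalAccountSignUpWithLogonEmail", "OutputClaims", "otherMails"),
    ("SelfAsserted-Social", "OutputClaims", "otherMails"),
    ("LocalAccountDiscoveryUsingEmailAddress", "OutputClaims", "otherMails"),
]

def collect(xml_texts):
    """Merge base/extension files into {(profile Id, section, ref): PartnerClaimType}."""
    found = {}
    for text in xml_texts:
        for tp in ET.fromstring(text).iter():
            if tp.tag.rsplit("}", 1)[-1] != "TechnicalProfile":  # ignore any xmlns prefix
                continue
            for section in tp:
                for item in section:
                    ref = item.get("ClaimTypeReferenceId") or item.get("ReferenceId")
                    if ref:
                        key = (tp.get("Id"), section.tag.rsplit("}", 1)[-1], ref)
                        found[key] = item.get("PartnerClaimType")
    return found

def missing_steps(framework_xmls, relying_party_xml):
    """Return the steps from the answer that the given policy files do not implement."""
    found = collect(framework_xmls)
    missing = ["/".join(step) for step in REQUIRED if step not in found]
    rp = collect([relying_party_xml])  # checked per file: every RP policy needs its own entry
    if rp.get(("PolicyProfile", "OutputClaims", "otherMails")) != "emails":
        missing.append("PolicyProfile/OutputClaims/otherMails as emails")
    return missing

# Constructed sample, not a real policy: the password-reset profile and PartnerClaimType are missing.
OUT = '<OutputClaims><OutputClaim ClaimTypeReferenceId="otherMails" /></OutputClaims>'
SAMPLE_FRAMEWORK = f"""<TrustFrameworkPolicy>
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <InputClaimsTransformations><InputClaimsTransformation ReferenceId="CreateOtherMailsFromEmail" /></InputClaimsTransformations>
  <PersistedClaims><PersistedClaim ClaimTypeReferenceId="otherMails" /></PersistedClaims>{OUT}
</TechnicalProfile>
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">{OUT}</TechnicalProfile>
<TechnicalProfile Id="SelfAsserted-Social">{OUT}</TechnicalProfile>
</TrustFrameworkPolicy>"""
SAMPLE_RP = f"""<TrustFrameworkPolicy><RelyingParty>
<TechnicalProfile Id="PolicyProfile">{OUT}</TechnicalProfile></RelyingParty></TrustFrameworkPolicy>"""
print(missing_steps([SAMPLE_FRAMEWORK], SAMPLE_RP))
```

Run it once per relying party file (sign-up/sign-in and password reset), passing the base and extension files as the first argument.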