调用login-NonInteractive技术配置文件时如何替换默认的signInName声明?

问题描述 投票:0回答:1

我创建了一个声明转换,它从通常在登录非交互式技术配置文件中使用的signInName中删除前导零。 删除前导零的声明称为signInNameWithoutZeroes。 我想使用该声明来进行身份验证,而不是使用 SignInName。

我调整了login-NonInteractive技术配置文件,尝试用signInNameWithoutZeroes覆盖signInName,但在这种情况下登录总是失败。

<TechnicalProfile Id="login-NonInteractive">
  <Metadata>
    <Item Key="client_id">xxxxxx</Item>
    <Item Key="IdTokenAudience">xxxxxx</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="xxxxxx" />
    <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="xxxxxx" />
    <InputClaim ClaimTypeReferenceId="signInName" />
    <InputClaim ClaimTypeReferenceId="signInNameWithoutZeroes" PartnerClaimType="username" Required="true"/>
  </InputClaims>
</TechnicalProfile>

以下是呼叫技术简介:

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Username">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
    <Item Key="setting.operatingMode">Username</Item>
    <Item Key="setting.showSignupLink">false</Item>
    <Item Key="setting.forgotPasswordLinkLocation">None</Item>
    <Item Key="ContentDefinitionReferenceId">api.ctas-localaccountsignin</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <!--<InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="AssignValueToTester" />
  </InputClaimsTransformations>-->
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" DefaultValue="{OIDC:LoginHint}" AlwaysUseDefaultValue="true" PartnerClaimType="signInName" />
    <InputClaim ClaimTypeReferenceId="signInNameWithoutZeroes" />
    <InputClaim ClaimTypeReferenceId="resultValue" />
    <InputClaim ClaimTypeReferenceId="resultMatch" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
    <!--Added Claims-->
    <OutputClaim ClaimTypeReferenceId="version" />
    <OutputClaim ClaimTypeReferenceId="signInNameWithoutZeroes" />
    <OutputClaim ClaimTypeReferenceId="resultValue" />
    <OutputClaim ClaimTypeReferenceId="resultMatch" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="ExperimentalValidation-AssignValueToVersion" />
    <ValidationTechnicalProfile ReferenceId="ExperimentalValidation-AssignValueToTester" />
    <ValidationTechnicalProfile ReferenceId="ExperimentalValidation-StripLeadingZeros" />
    <!--<ValidationTechnicalProfile ReferenceId="ExperimentalValidation-StripLeadingZerosFromTesterNewRegEx" />-->
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

这是代码的其余部分:

        <TechnicalProfile Id="ExperimentalValidation-StripLeadingZeros">
          <DisplayName>Strip zeroes from signin name</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="signInNameWithoutZeroes" />
          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="StripLeadingZeros" />
          </OutputClaimsTransformations>
        </TechnicalProfile>

<ClaimsTransformation Id="StripLeadingZeros" TransformationMethod="SetClaimsIfRegexMatch">
   <InputClaims>
     <InputClaim ClaimTypeReferenceId="signInName" TransformationClaimType="claimToMatch"/>
   </InputClaims>
   <InputParameters>
     <!--<InputParameter Id="matchTo" DataType="string" Value="^0+(.*)$" />-->
     <InputParameter Id="matchTo" DataType="string" Value="^0*(?&lt;signInNameWithoutZeroes&gt;.+)$" />
     <InputParameter Id="outputClaimIfMatched" DataType="string" Value="You entered a femasid with leading zeroes" />
     <InputParameter Id="extractGroups" DataType="boolean" Value="true" />
   </InputParameters>
   <OutputClaims>
     <OutputClaim ClaimTypeReferenceId="resultValue" TransformationClaimType="outputClaim" />
     <OutputClaim ClaimTypeReferenceId="resultMatch" TransformationClaimType="regexCompareResultClaim" />
     <OutputClaim ClaimTypeReferenceId="signInNameWithoutZeroes" />
   </OutputClaims>
 </ClaimsTransformation>
azure-ad-b2c-custom-policy
1个回答
0
投票

为了实现此目的,并防止向基本策略添加代码,我必须从基本策略复制 login-NonInteractive 技术配置文件,并将其移至扩展策略。 这允许我根据自己的选择配置它,而不是使用期望登录名称的基本策略。

<TechnicalProfile Id="login-NonInteractive-StrippedZeros">
  <DisplayName>Local Account SignIn</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <Metadata>
    <Item Key="ProviderName">https://sts.windows.net/</Item>
    <Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
    <Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
    <Item Key="response_types">id_token</Item>
    <Item Key="response_mode">query</Item>
    <Item Key="scope">email openid</Item>
    <!-- <Item Key="grant_type">password</Item> -->
    <!-- Policy Engine Clients -->
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="HttpBinding">POST</Item>
    <!-- Custom Additions -->
    <Item Key="client_id">aaaaaaaaaaaaaaaa</Item>
    <Item Key="IdTokenAudience">aaaaaaaaaaa</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="password" Required="true" />
    <InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" AlwaysUseDefaultValue="true" />
    <InputClaim ClaimTypeReferenceId="scope" DefaultValue="openid" AlwaysUseDefaultValue="true" />
    <InputClaim ClaimTypeReferenceId="nca" PartnerClaimType="nca" DefaultValue="1" />
    <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="aaaaaaaaaac" />
    <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="aaaaaaaaaaaaaaaa" />
    **<InputClaim ClaimTypeReferenceId="signInNameWithoutZeros" PartnerClaimType="username" Required="true"/>**
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
    <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
    <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="upn" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
  </OutputClaims>
</TechnicalProfile>
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.