Question
I am trying to use the OAUTH-KV Claims Resolver to extract the value of a parameter named foo passed to an AAD B2C custom policy authorize endpoint as a claim, also named foo.

The foo ClaimType is defined as
<ClaimType Id="foo">
  <DisplayName>Foo debug claim</DisplayName>
  <DataType>string</DataType>
  <UserInputType>TextBox</UserInputType>
</ClaimType>
and the TechnicalProfile as
<TechnicalProfile Id="LocalAccount-Register">
  <DisplayName>Register</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccount.registration.prescribedfirm</Item>
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <Item Key="language.button_continue">Create</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="foo" DefaultValue="{OAUTH-KV:foo}" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="foo" Required="true" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
However, the value for foo is displayed as {OAUTH-KV:foo} rather than the actual value passed.
I believe I have followed the instructions from the documentation.
Is there something else I need to do to make this work?
EDIT
The documentation relating to claim resolvers was updated 25-01-2019 here https://docs.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview, according to which this should work.
I am unable to get any claim resolver to show anything except the markup, i.e. {Context:CorrelationId}, {OIDC:LoginHint}, etc.
Does anyone know if there are any magic Metadata values required to make this work?
I am sure I am doing something wrong, leaving something out, but am unable to figure out what.
Any helpful pointers would be most welcome.
Answer 1:
Claims resolvers only work in specific Technical Profiles, those being REST API and SelfAsserted (combined sign up and sign in content definition at the orchestrations step). It explicitly only works in the examples provided in the document.
Answer 2:
I know it is late. See my answer here
You have to configure the metadata of the technical profile and set the AlwaysUseDefaultValue property of the input claim.
Source: https://stackoverflow.com/questions/53008134/oauth-kv-claims-resolver-in-aad-b2c-does-not-work