Identity Experience Framework - getting the email claim with a multi-tenant Azure AD custom policy

帅比萌擦擦* submitted on 2021-02-11 15:24:47

Question


I've followed the instructions here to set up the Azure AD multi-tenant custom policy in the Identity Experience Framework: https://docs.microsoft.com/en-gb/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications

However, I'm unable to get a claim back containing the email address (corresponding to the "user name" from the external active directory).

The main single-tenant active directory setup works fine, when I use this claim mapping (and the other "social" provider accounts work with PartnerClaimType="email"):

<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />

However, I've tried the following combinations for the multi-tenant policy, and I don't seem to be getting the data back from the provider:

<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="mail" />

Please can someone let me know the correct claim mapping for this, to get the email output from the user flow?


Answer 1:


What you are looking for is "preferred_username".

Add <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="preferred_username" /> to the TrustFrameworkExtensions.xml file to see if it works.



Source: https://stackoverflow.com/questions/59272499/identity-experience-framework-getting-the-email-claim-with-a-multi-tenant-azur
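A way to check which of the mappings discussed above can actually resolve, added here as an example and not part of the original question or answer: it decodes an ID token payload and reports, for every OutputClaim that feeds `email`, whether the named partner claim is present. The policy fragment and the token are constructed, and the token assumes the external tenant returns only `preferred_username`, as the answer suggests.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Constructed fragment: the three mappings from the question plus the answer's one.
POLICY_FRAGMENT = """<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="upn" />
  <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
  <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="mail" />
  <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="preferred_username" />
</OutputClaims>"""

def _seg(obj):
    """Base64url-encode a JSON object the way a JWT segment is encoded."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed token (assumption): only preferred_username carries the sign-in name.
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "RS256", "typ": "JWT"}),
    _seg({"sub": "constructed-subject", "name": "Test User",
          "preferred_username": "user@contoso.example"}),
    "constructed-signature",
])

def jwt_payload(token):
    """Decode the payload of a JWT for inspection only; the signature is NOT verified."""
    seg = token.split(".")[1]
    seg += "=" * (-len(seg) % 4)  # restore the padding that base64url strips
    return json.loads(base64.urlsafe_b64decode(seg))

def check_email_mappings(policy_xml, claims):
    """Map each PartnerClaimType feeding `email` to the token's value, or None if absent."""
    found = {}
    for el in ET.fromstring(policy_xml).iter():
        # Real policy files are namespaced, so compare the local tag name only.
        if el.tag.rsplit("}", 1)[-1] != "OutputClaim":
            continue
        partner = el.get("PartnerClaimType")
        if el.get("ClaimTypeReferenceId") == "email" and partner:
            found[partner] = claims.get(partner)
    return found

if __name__ == "__main__":
    results = check_email_mappings(POLICY_FRAGMENT, jwt_payload(SAMPLE_TOKEN))
    for partner, value in results.items():
        print(f"{partner:20} -> {value if value is not None else 'MISSING from token'}")
```

Azure AD documents `preferred_username` as mutable and not to be used for authorization decisions, so treat the resulting `email` claim as a sign-in hint rather than a verified address.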
