我正在使用自定义策略将Azure AD添加为我的Azure AdB2C实例的身份提供程序。
我将输出声明配置为从Azure AD获取,但未公开所有声明,
经过数小时的搜索后,为什么看不到所有输入(仅显示displayName,givenName,surname),我发现问题在于Azure AD没有在JWT中公开声明,
我尝试在应用程序应用程序注册的清单上配置它-“ optionalClaims”属性,但是什么也没有……
然后,我找到了一个解决该问题的PowerShell脚本,以及在JWT上公开的几乎所有声明。我唯一找不到解决方案的说法是“移动”。
你能告诉我我做错了什么吗?
这是我创建的powerShell脚本:
Import-Module -Name AzureADPreview
Connect-AzureAD -Confirm
<# to set the policy use this#>
Set-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"User","ID":"postalCode","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalCode","JwtClaimType":"postalCode"},{"Source":"User","ID":"streetAddress","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetAddress","JwtClaimType":"streetAddress"},{"Source":"User","ID":"othermail","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/othermail","JwtClaimType":"othermail"},{"Source":"User","ID":"country","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country","JwtClaimType":"country"},{"Source":"User","ID":"telephoneNumber","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/telephoneNumber","JwtClaimType":"telephoneNumber"},{"Source":"User","ID":"mobile","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobile","JwtClaimType":"mobile"},{"Source":"User","ID":"jobtitle","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/jobtitle","JwtClaimType":"jobtitle"},{"Source":"User","ID":"city","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/city","JwtClaimType":"city"},{"Source":"User","ID":"state","SamlClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/state","JwtClaimType":"state"}]}}') -DisplayName "ExtraClaimsExample" -Type "ClaimsMappingPolicy" -Id <the policyId>
要查看架构定义,您可以查看它here