有没有办法把策略从一个 Azure AD B2C 租户克隆到另一个租户？

时间:2017-11-30 10:13:47

标签: azure-ad-b2c

我尝试通过 Azure 门户中"Identity Experience Framework（身份体验框架）→ 上传策略（XML 文件）"的界面，把一个 AD B2C 租户里的策略克隆到另一个租户，但收到以下错误（租户名和对象 ID 已脱敏）：

Unable to upload policy. Reason : Validation failed: 1 validation error(s) found in policy "B2C_1A_B2C_1_SIGNUPIN" of tenant "tenant.onmicrosoft.com".Policy 'B2C_1A_B2C_1_SignUpIn' of tenant 'tenat.onmicrosoft.com' is not allowed to inherit from the specified base policy. Inheritance chain: {
 "TenantId": "tenant.onmicrosoft.com",
 "PolicyId": "base-v1",
 "TenantObjectId": "xxxx...",
 "Root": true,
 "Derived": {
 "TenantId": "tenant.onmicrosoft.com",
 "PolicyId": "B2C_1A_B2C_1_SignUpIn",
 "TenantObjectId": "yyyy...",
 "Rule": "All",
 "InheritanceAllowed": false,
 "Reason": "Policy 'B2C_1A_B2C_1_SignUpIn' in tenant 'yyyyy...' is blocked from inheriting policies from 'xxxx...' as the basic policy constraint handler 'B2CBasicPoliciesOnly' cannot match the policy id to a prefix or registered policy id."
 }
 }

以下是上传的策略文件内容：

<!-- Root of the Azure AD B2C trust-framework policy that was uploaded.
     NOTE(review): TenantId / TenantObjectId name the tenant this policy belongs to; when
     cloning to another tenant these presumably have to be the TARGET tenant's values,
     not the source tenant's (confirm against the error message above, which shows two
     different TenantObjectIds). PublicPolicyUri appears to serve only as an identifier
     here; nothing in this file dereferences it. -->
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" 
  TenantId="tenant.onmicrosoft.com" TenantObjectId="xxx...." 
  PolicyId="B2C_1_SignUpIn" PublicPolicyUri="http://tenant.onmicrosoft.com/">
  <!-- Base policy this file derives from. This is the element the upload error is about:
       the validator reports InheritanceAllowed=false because the constraint handler
       B2CBasicPoliciesOnly only lets built-in (basic) policies inherit from base-v1.
       A file submitted through the custom-policy upload interface is treated as a
       custom policy, so it cannot keep base-v1 in its inheritance chain. -->
  <BasePolicy>
    <TenantId>tenant.onmicrosoft.com</TenantId>
    <PolicyId>base-v1</PolicyId>
  </BasePolicy>
  <BuildingBlocks>
    <!-- Claim types declared in this file. Only four are declared here; extension_Organization
         and extension_Department are referenced by the technical profiles and the relying
         party below but are NOT declared in this ClaimsSchema, so they would have to come
         from the base policy (assumption: the upload fails on inheritance before any
         claim-reference check runs, so this is unverified from the error shown).
         Each Restriction is empty with MergeBehavior="Append": this file adds no Pattern or
         Enumeration constraint of its own, so any input-format restriction on these
         user-supplied values must be inherited from the base. -->
    <ClaimsSchema>
      <ClaimType Id="displayName">
        <DisplayName>Username</DisplayName>
        <DataType>string</DataType>
        <Restriction MergeBehavior="Append" />
      </ClaimType>
      <ClaimType Id="givenName">
        <DisplayName>First Name</DisplayName>
        <DataType>string</DataType>
        <Restriction MergeBehavior="Append" />
      </ClaimType>
      <ClaimType Id="surname">
        <DisplayName>Last name</DisplayName>
        <DataType>string</DataType>
        <Restriction MergeBehavior="Append" />
      </ClaimType>
      <!-- Custom (directory extension) attribute; stored on the user object via
           AAD-WriteCommon and emitted in the token by the relying-party profile. -->
      <ClaimType Id="extension_Service">
        <DisplayName>Service Name</DisplayName>
        <DataType>string</DataType>
        <Restriction MergeBehavior="Append" />
      </ClaimType>
    </ClaimsSchema>
  </BuildingBlocks>
  <!-- Overrides of technical profiles that are defined in the base policy. Only the
       settings listed here are changed; everything else is inherited. -->
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>PhoneFactor</DisplayName>
      <TechnicalProfiles>
        <!-- NOTE(review): this looks like the phone-based MFA profile, and OnClaimsExistence
             presumably makes it run only when some claim is already present. No MFA
             orchestration step is visible in the journey in this file, so whether MFA is
             actually enforced depends on the base policy; confirm before relying on it. -->
        <TechnicalProfile Id="PhoneFactor-Common">
          <EnabledForUserJourneys>OnClaimsExistence</EnabledForUserJourneys>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Token Issuer</DisplayName>
      <TechnicalProfiles>
        <!-- Token lifetimes (seconds): access and ID tokens 3600 (1 h), refresh token
             1209600 (14 days), rolling refresh-token window 7776000 (90 days). Security
             review: the refresh-token values bound how long a stolen refresh token stays
             usable; revisit them when cloning into a tenant with a different risk profile.
             IssuanceClaimPattern and AuthenticationContextReferenceClaimPattern presumably
             control the format of the issuer and acr claims in the token; relying parties
             that validate the issuer string must be configured to match. -->
        <TechnicalProfile Id="JwtIssuer">
          <Metadata>
            <Item Key="token_lifetime_secs">3600</Item>
            <Item Key="id_token_lifetime_secs">3600</Item>
            <Item Key="refresh_token_lifetime_secs">1209600</Item>
            <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
            <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
            <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Self Asserted</DisplayName>
      <TechnicalProfiles>
        <!-- Sign-up form fields typed by the end user. Required="true" only enforces
             presence; no length or pattern check is visible in this file (see the empty
             Restriction elements above). These values are later persisted to the directory
             and emitted in tokens, so relying parties should treat them as untrusted input. -->
        <TechnicalProfile Id="SelfAsserted-Input">
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="displayName" />
            <InputClaim ClaimTypeReferenceId="givenName" />
            <InputClaim ClaimTypeReferenceId="surname" />
            <InputClaim ClaimTypeReferenceId="extension_Organization" />
            <InputClaim ClaimTypeReferenceId="extension_Department" />
            <InputClaim ClaimTypeReferenceId="extension_Service" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
            <OutputClaim ClaimTypeReferenceId="givenName" Required="true" />
            <OutputClaim ClaimTypeReferenceId="surname" Required="true" />
            <OutputClaim ClaimTypeReferenceId="extension_Organization" Required="true" />
            <OutputClaim ClaimTypeReferenceId="extension_Department" Required="true" />
            <OutputClaim ClaimTypeReferenceId="extension_Service" Required="true" />
          </OutputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <!-- Attributes read back from the user object on sign-in. -->
        <TechnicalProfile Id="AAD-ReadCommon">
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="givenName" />
            <OutputClaim ClaimTypeReferenceId="surname" />
            <OutputClaim ClaimTypeReferenceId="extension_Organization" />
            <OutputClaim ClaimTypeReferenceId="extension_Department" />
            <OutputClaim ClaimTypeReferenceId="extension_Service" />
          </OutputClaims>
        </TechnicalProfile>
        <!-- Attributes written to the user object on sign-up; the extension_* values come
             straight from the self-asserted form above. -->
        <TechnicalProfile Id="AAD-WriteCommon">
          <PersistedClaims>
            <PersistedClaim ClaimTypeReferenceId="displayName" />
            <PersistedClaim ClaimTypeReferenceId="givenName" />
            <PersistedClaim ClaimTypeReferenceId="surname" />
            <PersistedClaim ClaimTypeReferenceId="extension_Organization" />
            <PersistedClaim ClaimTypeReferenceId="extension_Department" />
            <PersistedClaim ClaimTypeReferenceId="extension_Service" />
          </PersistedClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <!-- Only the first orchestration step of the journey is overridden here (the combined
       sign-in / sign-up page, offering local-account email sign-in). The remaining steps,
       including any MFA or token-issuance step, are not in this file and are inherited
       from the base policy. -->
  <UserJourneys>
    <UserJourney Id="B2CSignUpOrSignInWithPassword">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signinandsignupwithpassword">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
        </OrchestrationStep>
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
  <!-- Relying-party section: which journey runs and what the issued token contains. -->
  <RelyingParty>
    <DefaultUserJourney ReferenceId="B2CSignUpOrSignInWithPassword" />
    <!-- Web session: single sign-on shared across the tenant, rolling expiry of 86400 s
         (24 h). Security review: with Rolling expiry, an active browser session is
         extended on use, so this is an idle timeout rather than an absolute one. -->
    <UserJourneyBehaviors>
      <SingleSignOn Scope="Tenant" />
      <SessionExpiryType>Rolling</SessionExpiryType>
      <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
    </UserJourneyBehaviors>
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <!-- Claims emitted in the OIDC token. objectId is emitted twice: once under its own
           name and once as the standard sub claim, which SubjectNamingInfo below selects as
           the subject. The extension_* claims originate from the self-asserted sign-up form,
           so consumers should not treat them as verified facts about the user.
           trustFrameworkPolicy with DefaultValue="{policy}" presumably resolves to the name
           of the policy that issued the token (confirm). -->
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="emails" />
        <OutputClaim ClaimTypeReferenceId="objectId" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="newUser" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" />
        <OutputClaim ClaimTypeReferenceId="extension_Organization" />
        <OutputClaim ClaimTypeReferenceId="extension_Service" />
        <OutputClaim ClaimTypeReferenceId="extension_Department" />
        <OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>

1 个答案:

答案 0 :(得分:3)

不支持把内置（标准）策略下载下来再重新上传，无论有没有修改过。

这看起来正是您所做的：一旦通过"上传策略"接口提交，这个原本的内置策略就会被当作自定义策略处理。自定义策略的继承链中不允许出现 base-v1——base-v1 这个基础策略只供内置策略使用。

错误信息里的 `InheritanceAllowed: false` 和约束处理器 `B2CBasicPoliciesOnly` 说的正是这一点：您（现在已成为自定义策略的）策略继承自 base-v1，而这一约束只放行内置策略。要在另一个租户中得到同样的行为，需要基于自定义策略允许使用的基础策略重新编写并上传，而不是直接上传从门户下载的内置策略文件；上传时文件中的 TenantId / TenantObjectId 也应是目标租户的值。