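Using AAD B2C Identity Experience Framework custom policies, I am trying to create a UserJourney that allows several social providers as well as the local provider, but only allows sign-in, not sign-up. When I upload the TrustFrameworkExtensions file that contains the UserJourney, the upload fails with the error:
Unable to upload policy. Reason: Validation failed: 2 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "mytenant.onmicrosoft.com". ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "mytenant.onmicrosoft.com", but not found. ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "MBHB2C.onmicrosoft.com", but not found.
The first part of the UserJourney, which I believe contains everything relevant, is: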
<UserJourney Id="SignInAny">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="KDEWebAppTestExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="MSAExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Check if the user has selected to sign in using one of the social providers -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="KDEWebAppTestExchange" TechnicalProfileReferenceId="KDEWebAppTestProfile" />
        <ClaimsExchange Id="MSAExchange" TechnicalProfileReferenceId="MSA-OIDC" />
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
      </ClaimsExchanges>
    </OrchestrationStep>
    ...
  </OrchestrationSteps>
</UserJourney>
I don't understand what "not found" actually means.
Any suggestions?
Thanks!
Martin

Answer 0 (score: 2)
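Basically, in the OrchestrationStep with Order 1, you have the following line:
<ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
TargetClaimsExchangeId is a reference to a ClaimsExchange element in the next OrchestrationStep. However, you do not have a line similar to this one in the next step with its Id set to SignInWithLogonNameExchange:
<ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
When the user clicks the button that corresponds to the ClaimsProviderSelection, IEF does not know what to do (for example, which technical profile to use).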
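
The rule described in the answer can be checked offline before uploading a policy. The following is an added example, not part of the original answer or of any Microsoft tooling: it applies that rule (each TargetClaimsExchangeId must match a ClaimsExchange Id in the following OrchestrationStep) to a constructed copy of the question's journey. The names `unresolved_selections` and `_named` are hypothetical, and the service's own validation may apply further rules.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first two steps of the journey from the question (preconditions omitted).
SAMPLE_JOURNEY = """
<UserJourney Id="SignInAny">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsProviderSelection">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="KDEWebAppTestExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="MSAExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="KDEWebAppTestExchange" TechnicalProfileReferenceId="KDEWebAppTestProfile" />
        <ClaimsExchange Id="MSAExchange" TechnicalProfileReferenceId="MSA-OIDC" />
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
      </ClaimsExchanges>
    </OrchestrationStep>
  </OrchestrationSteps>
</UserJourney>
"""

def _named(elem, name):
    """Descendants with the given local name, ignoring any XML namespace."""
    return [e for e in elem.iter() if isinstance(e.tag, str) and e.tag.rsplit("}", 1)[-1] == name]

def unresolved_selections(journey_xml):
    """Return (step order, target id) for each selection with no ClaimsExchange in the next step."""
    root = ET.fromstring(journey_xml)
    steps = sorted(_named(root, "OrchestrationStep"), key=lambda s: int(s.get("Order")))
    problems = []
    for step, nxt in zip(steps, steps[1:] + [None]):
        next_ids = set() if nxt is None else {c.get("Id") for c in _named(nxt, "ClaimsExchange")}
        for sel in _named(step, "ClaimsProviderSelection"):
            target = sel.get("TargetClaimsExchangeId")
            # Selections without a TargetClaimsExchangeId are not checked here.
            if target is not None and target not in next_ids:
                problems.append((int(step.get("Order")), target))
    return problems

if __name__ == "__main__":
    for order, target in unresolved_selections(SAMPLE_JOURNEY):
        print(f"step {order}: no ClaimsExchange with Id={target!r} in the following step")
```

On the sample it reports only SignInWithLogonNameExchange, the same id named in the upload error.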