Setting up an OIDC / OAuth claims provider for OpenAthens Cloud in AAD B2C

Time: 2018-07-31 12:31:06

Tags: azure-ad-b2c

I have been trying to set up a new claims provider for OpenAthens Cloud in an AAD B2C custom policy.

Everything seems to work fine, except that on returning from the OpenAthens sign-in it does not appear to return the expected id_token. The callback URL I set in OpenAthens is: https://login.microsoftonline.com/te/{mytenant}.onmicrosoft.com/oauth2/authresp

The metadata endpoint in OpenAthens seems to indicate that it only works with "code"?!

My ClaimsProvider XML:

<ClaimsProvider>
  <Domain>OpenAthens</Domain>
  <DisplayName>Login using OpenAthens</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="openathensClaimsProvider">
      <DisplayName>OpenAthens</DisplayName>
      <Description>Login with your OpenAthens account</Description>
      <Protocol Name="OpenIdConnect"/>
      <OutputTokenFormat>JWT</OutputTokenFormat>
      <Metadata>
        <Item Key="METADATA">https://connect.openathens.net/.well-known/openid-configuration</Item>
        <Item Key="response_types">id_token</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <Item Key="client_id">{domain}.com.oidc-app-v1.3060a97c-bc06-49d7-a827-f2137828f51c</Item>
        <Item Key="AccessTokenResponseFormat">json</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_OpenAthens"/>
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="eduPersonTargetedID"/>
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="forenames"/>
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="surname"/>
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username"/>
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress"/>
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="externalIdp"/>
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="https://idp.{domain}.com/openathens"/>
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

So, my questions are:

  • Is it the case that OpenAthens actually does not return an id_token, and is therefore not yet ready to be integrated with AAD B2C (the SP in this case)?

  • Is the callback URL correct?: https://login.microsoftonline.com/te/{tenant}.onmicrosoft.com/oauth2/authresp
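The two things the question turns on are whether the response type the technical profile requests is one the provider advertises in its discovery document, and whether the redirect URI registered at the provider is byte-for-byte the one B2C will send. The script below is an added example, not code from the question or from Azure AD B2C or OpenAthens: it parses the `<Metadata>` items of the technical profile shown above and cross-checks them against a discovery document. The discovery document is a constructed stand-in under an `example.test` issuer that only reproduces what the question describes (a provider advertising `code` alone); it is not the real OpenAthens metadata. The expected redirect URI form is the `login.microsoftonline.com/te/...` shape quoted in the question, used as given, with a placeholder tenant name.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample input: the <Metadata> block of the TechnicalProfile from
# the question, trimmed to the items that matter for this check.
PROFILE_XML = """
<TechnicalProfile Id="openathensClaimsProvider">
  <Protocol Name="OpenIdConnect"/>
  <Metadata>
    <Item Key="METADATA">https://connect.openathens.net/.well-known/openid-configuration</Item>
    <Item Key="response_types">id_token</Item>
    <Item Key="response_mode">form_post</Item>
    <Item Key="scope">openid</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
  </Metadata>
</TechnicalProfile>
"""

# Constructed stand-in for the provider's discovery document. This is NOT the
# real OpenAthens metadata; it only mirrors the situation in the question,
# where the provider advertises the "code" response type only.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/oidc/authorize",
    "token_endpoint": "https://idp.example.test/oidc/token",
    "jwks_uri": "https://idp.example.test/oidc/jwks",
    "response_types_supported": ["code"],
    "response_modes_supported": ["query", "form_post"],
    "scopes_supported": ["openid", "profile", "email"],
})


def parse_profile_metadata(xml_text):
    """Return the <Item Key=...>value</Item> pairs of a TechnicalProfile as a dict."""
    root = ET.fromstring(xml_text.strip())
    return {item.get("Key"): (item.text or "").strip() for item in root.iter("Item")}


def check_profile_against_discovery(profile_items, discovery):
    """Compare what the B2C technical profile will request with what the
    provider advertises. Returns a list of problems; empty means they agree."""
    problems = []

    # response_types is space separated in B2C ("code id_token" is valid);
    # every requested type must appear in the provider's list.
    requested = profile_items.get("response_types", "").split()
    supported = discovery.get("response_types_supported", [])
    if not requested:
        problems.append("response_types is not set in the technical profile")
    for rt in requested:
        if rt not in supported:
            problems.append(
                f"response_type '{rt}' is not in response_types_supported {supported}"
            )

    # response_modes_supported is optional in discovery; only check when present.
    mode = profile_items.get("response_mode")
    modes = discovery.get("response_modes_supported")
    if mode and modes is not None and mode not in modes:
        problems.append(f"response_mode '{mode}' is not in response_modes_supported {modes}")

    # Without the openid scope no id_token is issued at all.
    scopes = profile_items.get("scope", "").split()
    if "openid" not in scopes:
        problems.append("scope does not include 'openid'")
    return problems


def expected_redirect_uri(tenant):
    """Redirect URI in the form quoted in the question (UsePolicyInRedirectUri=false)."""
    return f"https://login.microsoftonline.com/te/{tenant}.onmicrosoft.com/oauth2/authresp"


def redirect_uri_registered_correctly(registered, tenant):
    """OIDC providers compare redirect_uri exactly, so the value registered at
    the IdP must equal the expected one byte for byte: no stray spaces, no
    trailing slash, no host-case differences."""
    return registered == expected_redirect_uri(tenant)


if __name__ == "__main__":
    items = parse_profile_metadata(PROFILE_XML)
    for problem in check_profile_against_discovery(items, json.loads(DISCOVERY_JSON)):
        print("PROBLEM:", problem)
    print("redirect URI ok:", redirect_uri_registered_correctly(
        expected_redirect_uri("mytenant"), "mytenant"))
```

Run against the profile from the question and the constructed discovery document, the only finding is that `id_token` is not among the advertised response types; swapping `response_types` to a value the provider lists makes the check pass. The redirect-URI helper is deliberately an exact string comparison, because that is how the provider will compare it.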

0 answers