Azure AD B2C SAML IdP: extracting the sessionIndex / sessionID from the SAML assertion into the OAuth2 JWT

Time: 2018-10-30 22:33:08

Tags: azure-ad-b2c

I have integrated a SAML2 IdP with Azure AD B2C. I am able to perform OAuth2 authentication and successfully obtain an id_token and an access_token.

I need to extract the SSO sessionIndex or session ID from the SAML assertion into the id_token / access_token. I noticed that the sessionIndex / ID does not appear as a <saml:Attribute>. However, it is available under <saml:AuthnStatement>:

    <saml:AuthnStatement AuthnInstant="2018-10-30T18:28:42Z"
        SessionIndex="A659D5A1B123456BA0EA744B80CB1AFA2EB6BBD14"
        SessionNotOnOrAfter="2018-10-31T02:30:42Z">
        <saml:AuthnContext>
            <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password
            </saml:AuthnContextClassRef>
        </saml:AuthnContext>
    </saml:AuthnStatement>

Here is my custom policy setup:

    <ClaimsProvider>
      <Domain>samlIdp</Domain>
      <DisplayName>samlIdp</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="samlIdpProfile">
          <DisplayName>samlIdpProfile</DisplayName>
          <Description>Login with your account</Description>
          <Protocol Name="SAML2" />
          <Metadata>
            <Item Key="RequestsSigned">false</Item>
            <Item Key="WantsEncryptedAssertions">false</Item>
            <Item Key="WantsSignedAssertions">false</Item>
            <Item Key="PartnerEntity">https://samlIdp.com/.well-known/samlidp.xml</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SAMLSigningCert" />
            <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert" />
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId" />
            <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
            <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
            <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username" />

            <!-- newly added claims -->
            <OutputClaim ClaimTypeReferenceId="sessionId" DefaultValue="na" PartnerClaimType="ID" />
            <OutputClaim ClaimTypeReferenceId="sessionIndex" DefaultValue="na" PartnerClaimType="sessionIndex" />

          </OutputClaims>
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
            <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
          </OutputClaimsTransformations>
          <!--<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" /> -->
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

I need to get this sessionIndex as part of my OAuth2 JWT. Any help would be much appreciated.
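Added example, not part of the question above and not Azure AD B2C code: it shows why a `PartnerClaimType` mapping never sees `SessionIndex` (it is an XML attribute of `<saml:AuthnStatement>`, not a `<saml:Attribute>` element) by parsing the question's own statement, and it checks `SessionNotOnOrAfter` before the value is trusted as a live session. The surrounding `<saml:Assertion>` wrapper and the `userId` attribute are constructed sample data.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the AuthnStatement quoted in the question, wrapped in a
# minimal unsigned Assertion with one ordinary attribute for contrast.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2018-10-30T18:28:42Z">
  <saml:Issuer>https://samlIdp.com</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId"><saml:AttributeValue>u-123</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
  <saml:AuthnStatement AuthnInstant="2018-10-30T18:28:42Z"
      SessionIndex="A659D5A1B123456BA0EA744B80CB1AFA2EB6BBD14"
      SessionNotOnOrAfter="2018-10-31T02:30:42Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def attribute_names(assertion_xml):
    """Names carried as <saml:Attribute> elements: the only things a PartnerClaimType can map to."""
    root = ET.fromstring(assertion_xml)
    return [a.get("Name") for a in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS)]


def extract_session(assertion_xml):
    """Session data lives as XML attributes of <saml:AuthnStatement>, so read it from there."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", SAML_NS)
    if stmt is None:
        return None
    ctx = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", "", SAML_NS)
    return {
        "session_index": stmt.get("SessionIndex"),
        "session_not_on_or_after": stmt.get("SessionNotOnOrAfter"),
        "authn_instant": stmt.get("AuthnInstant"),
        "authn_context": ctx.strip(),
    }


def _utc(ts):
    # xs:dateTime with a trailing Z; fromisoformat needs an explicit offset
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def session_is_valid(session, now_iso):
    """False once SessionNotOnOrAfter is reached; an absent limit means the IdP set none."""
    limit = session.get("session_not_on_or_after")
    return True if limit is None else _utc(now_iso) < _utc(limit)
```

Signature verification of the assertion is deliberately out of scope here; parse session values only from an assertion whose signature has already been checked.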

0 answers:

No answers