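I am trying to add local account sign-in to my custom policy, without adding local account sign-up. I have created a local account sign-up policy and used it to create a local account. Now, if I enter those credentials in my custom policy, it doesn't work, but the only error I get is "Invalid password". If I enter the same credentials in the built-in local account policy, it logs me in.
I even added sign-up support to my custom policy, deleted my user, signed up through that custom policy, and tried to sign in with the credentials I had just created: it still says "Invalid password". How can I troubleshoot this further? I have looked at Application Insights, but the output isn't great.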
{
"Kind": "HandlerResult",
"Content": {
"Result": false,
"RecorderRecord": {
"Values": [
{
"Key": "Validation",
"Value": {
"Values": [
{
"Key": "SubmittedBy",
"Value": null
},
{
"Key": "ProtocolProviderType",
"Value": "SelfAssertedAttributeProvider"
},
{
"Key": "TechnicalProfileEnabled",
"Value": {
"EnabledRule": "Always",
"EnabledResult": true,
"TechnicalProfile": "login-NonInteractive"
}
},
{
"Key": "ValidationTechnicalProfile",
"Value": {
"Values": [
{
"Key": "TechnicalProfileId",
"Value": "login-NonInteractive"
},
{
"Key": "MappingDefaultValueForClaim",
"Value": {
"PartnerClaimType": "client_id",
"PolicyClaimType": "client_id"
}
},
{
"Key": "MappingDefaultValueForClaim",
"Value": {
"PartnerClaimType": "resource",
"PolicyClaimType": "resource_id"
}
},
{
"Key": "MappingPartnerTypeForClaim",
"Value": {
"PartnerClaimType": "username",
"PolicyClaimType": "signInName"
}
},
{
"Key": "MappingPartnerTypeForClaim",
"Value": {
"PartnerClaimType": "password",
"PolicyClaimType": "password"
}
},
{
"Key": "MappingDefaultValueForClaim",
"Value": {
"PartnerClaimType": "grant_type",
"PolicyClaimType": "grant_type"
}
},
{
"Key": "MappingDefaultValueForClaim",
"Value": {
"PartnerClaimType": "scope",
"PolicyClaimType": "scope"
}
},
{
"Key": "MappingDefaultValueForClaim",
"Value": {
"PartnerClaimType": "nca",
"PolicyClaimType": "nca"
}
}
]
}
},
{
"Key": "Exception",
"Value": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "Invalid username or password.",
"Data": {}
}
}
]
}
}
]
},
"Statebag": {
"Complex-CLMS": {},
"ComplexItems": "_MachineEventQ, REPRM, TCTX, S_CTP, M_EXCP"
},
"Exception": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "Invalid username or password.",
"Data": {}
},
"PredicateResult": "False"
}
},
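Answer 0 (score: 0)
A common cause is a misconfiguration of the ProxyIdentityExperienceFramework application in the extension file of the custom policy.
You must make sure that:
The configuration of the ProxyIdentityExperienceFramework application matters because the login-NonInteractive technical profile validates the local account by sending an access token request to your Azure AD B2C directory using the resource owner password credentials grant type.
Like all access token requests to an Azure AD directory, this access request must contain the application identifiers of the client application (i.e. the ProxyIdentityExperienceFramework application) and the resource application (i.e. the ProxyIdentityExperienceFramework application).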
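Answer 1 (score: 0)
Make sure the correct IDs are assigned to the correct items in TrustFrameworkExtensions.xml.
I had the IDs swapped, because I thought their order should be the same as the order they were created in.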
<Metadata>
<Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item>
<Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item>
</Metadata>
<InputClaims>
<InputClaim ClaimTypeReferenceId="client_id" DefaultValue="ProxyIdentityExperienceFrameworkAppId" />
<InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppId" />
</InputClaims>
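The check both answers point to, as an added example that is not part of either answer or of any Microsoft tooling: it reads the login-NonInteractive technical profile and reports values that are missing, still placeholders, or swapped between the two applications, using the pairing from the snippet above (client_id takes the Proxy application's ID, IdTokenAudience and resource_id take the IdentityExperienceFramework application's ID). The function name, the made-up GUIDs and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def check_login_noninteractive(xml_text, proxy_app_id, ief_app_id):
    """Return findings; an empty list means all four values are consistent."""
    root = ET.fromstring(xml_text)
    profile = next((e for e in root.iter() if local(e.tag) == "TechnicalProfile"
                    and e.get("Id") == "login-NonInteractive"), None)
    if profile is None:
        return ["login-NonInteractive technical profile not found"]
    values = {}
    for e in profile.iter():
        if local(e.tag) == "Item":
            values["Metadata/" + e.get("Key", "")] = (e.text or "").strip()
        elif local(e.tag) == "InputClaim":
            values["InputClaim/" + e.get("ClaimTypeReferenceId", "")] = e.get("DefaultValue", "")
    # Client side of the token request = Proxy app; resource/audience = IEF app.
    expected = {"Metadata/client_id": (proxy_app_id, ief_app_id),
                "InputClaim/client_id": (proxy_app_id, ief_app_id),
                "Metadata/IdTokenAudience": (ief_app_id, proxy_app_id),
                "InputClaim/resource_id": (ief_app_id, proxy_app_id)}
    findings = []
    for name, (want, other) in expected.items():
        got = values.get(name, "")
        if not GUID.match(got):
            findings.append(f"{name}: {got!r} is not a GUID (missing or placeholder left in?)")
        elif got.lower() == other.lower():
            findings.append(f"{name}: holds the other application's ID (swapped)")
        elif got.lower() != want.lower():
            findings.append(f"{name}: does not match the expected application ID")
    return findings

# Constructed sample: the GUIDs are made up and deliberately swapped.
PROXY, IEF = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
SAMPLE = f"""<TechnicalProfile Id="login-NonInteractive">
  <Metadata>
    <Item Key="client_id">{IEF}</Item>
    <Item Key="IdTokenAudience">{PROXY}</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="{IEF}" />
    <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="{PROXY}" />
  </InputClaims>
</TechnicalProfile>"""

if __name__ == "__main__":
    print("\n".join(check_login_noninteractive(SAMPLE, PROXY, IEF)))
```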