Saving custom-defined user attributes with an Azure AD B2C custom policy

Time: 2021-04-22 13:32:52

Tags: azure-active-directory azure-ad-b2c azure-ad-b2c-custom-policy

We are trying to set up a custom user attribute


We have managed to define it in the TrustFrameworkExtensions.xml ClaimsSchema

    <ClaimType Id="extension_GDPR_CONSENT">
        <DisplayName>extension_GDPR_CONSENT</DisplayName>
        <DataType>string</DataType>
        <UserInputType>CheckboxMultiSelect</UserInputType>
        <Restriction>
            <Enumeration Text="Accept" Value="true" SelectByDefault="false" />
        </Restriction>
    </ClaimType>

And we have also managed to display it in our sign-up form

    <DisplayName>Local Account</DisplayName>
    <TechnicalProfiles>
        <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
            <DisplayClaims>
                <DisplayClaim DisplayControlReferenceId="emailVerificationControl"/>
                <!--DisplayClaim ClaimTypeReferenceId="displayName" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="givenName" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="surName" Required="true" /-->
                <DisplayClaim ClaimTypeReferenceId="newPassword" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
                <DisplayClaim ClaimTypeReferenceId="extension_GDPR_CONSENT" Required="true" />

We have also updated

        <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
          <Metadata>
            <Item Key="Operation">Write</Item>
            <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
          </Metadata>
          <IncludeInSso>false</IncludeInSso>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
          </InputClaims>
          <PersistedClaims>
            <!-- Required claims -->
            <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
            <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
            <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="TestCustomPolicy" />
            <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />
            <PersistedClaim ClaimTypeReferenceId="extension_GDPR_CONSENT"/>

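to add the directory extension to the persisted claims

But it gives us a validation error?

Regards

1 answer:

Answer 0: (score: 1)

To enable extension attributes in a custom policy, provide the Application ID and the Application Object ID in the AAD-Common technical profile metadata.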

    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-Common">
          <Metadata>
            <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
            <Item Key="ClientId"></Item>
            <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
            <Item Key="ApplicationObjectId"></Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

See the link for more information: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-custom-attributes?pivots=b2c-custom-policy
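A pre-upload check for the condition the answer describes, added here as an example and not part of the original question or answer: it flags a policy file that persists `extension_` claims while the `AAD-Common` metadata keys are absent, empty, or not GUIDs. The function name `check_extension_config`, the assumption that both profiles live in the same file, and the sample policy are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_extension_config(policy_xml):
    """Return a list of findings; an empty list means the file looks consistent."""
    root = ET.fromstring(policy_xml)
    persisted = sorted({
        el.get("ClaimTypeReferenceId")
        for el in root.iter()
        if local(el.tag) == "PersistedClaim"
        and (el.get("ClaimTypeReferenceId") or "").startswith("extension_")
    })
    if not persisted:
        return []  # no extension attributes written, nothing to verify
    common = next((el for el in root.iter()
                   if local(el.tag) == "TechnicalProfile" and el.get("Id") == "AAD-Common"), None)
    if common is None:
        return [f"{', '.join(persisted)} persisted but no AAD-Common profile in this file"]
    items = {el.get("Key"): (el.text or "").strip()
             for el in common.iter() if local(el.tag) == "Item"}
    findings = []
    for key in ("ClientId", "ApplicationObjectId"):
        value = items.get(key)
        if not value:
            findings.append(f"AAD-Common metadata {key} is missing or empty")
        elif not GUID.match(value):
            findings.append(f"AAD-Common metadata {key} is not a GUID: {value!r}")
    return findings

# Constructed sample: the asker's persisted claim plus the answer's AAD-Common block.
SAMPLE = """<TrustFrameworkPolicy><ClaimsProviders><ClaimsProvider>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-Common"><Metadata>
      <Item Key="ClientId">{client}</Item>
      <Item Key="ApplicationObjectId">{obj}</Item>
    </Metadata></TechnicalProfile>
    <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail"><PersistedClaims>
      <PersistedClaim ClaimTypeReferenceId="extension_GDPR_CONSENT"/>
    </PersistedClaims></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>"""

if __name__ == "__main__":
    print(check_extension_config(SAMPLE.format(client="", obj="")))
```

The GUIDs passed in when exercising this are the placeholder values from the answer's comments, not real application identifiers.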