gpt4 book ai didi

azure - 通过自定义策略将多个社交帐户链接到 Azure B2C 本地帐户

转载 作者:行者123 更新时间:2023-12-03 01:37:03 37 4
gpt4 key购买 nike

我正在尝试将 Azure B2C 本地帐户与多个(Facebook、Google)社交提供商关联。

我已成功设置示例 here .

但它始终只将一个社交提供商写入本地帐户。如果我首先链接 Facebook,然后尝试链接 Google,Facebook userIdentities 项目将被覆盖。反之亦然。

我尝试替换 Protocol使用 AAD-UserWriteProfileUsingObjectId 但用户对象未更新。

我认为协议(protocol)可能存在问题,它只覆盖而不附加。

仅包含一个社交提供商:

   "userIdentities": [
{
"issuer": "google.com",
"issuerUserId": "MDExMDk2RTg3NTM0OTk3Mjk5OTI3"
}
],

这是更新本地用户社交帐户的用户旅程部分

        <!-- Demo: Updates the social account for a user, identified by the object
identifier for the user, in the Azure AD identity store.
An error is raised if the user does not exist. -->
<OrchestrationStep Order="6" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AAD-UserWriteUsingAlternativeSecurityId-ThrowIfNotExists" TechnicalProfileReferenceId="AAD-UserWriteUsingAlternativeSecurityId-ThrowIfNotExists" />
</ClaimsExchanges>
</OrchestrationStep>
And here is the corresponding Technical profile:

<TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId-ThrowIfNotExists">
<Metadata>
<Item Key="Operation">Write</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" Required="true" />
</InputClaims>
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="objectId" />
<!-- Demo: Persist the alternativeSecurityId claim -->
<PersistedClaim ClaimTypeReferenceId="alternativeSecurityId" />
</PersistedClaims>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>

但是用户对象应该同时包含 Google 和 Facebook:

   "userIdentities": [
{
"issuer": "google.com",
"issuerUserId": "MDExMDk2RTg3NTM0OTk3Mjk5OTI3"
},
{
"issuer": "facebook.com",
"issuerUserId": "KVExMDk2RTg3NTM0OTk3Mjk5OTI4"
}
],

最佳答案

您可以使用 the social accounts claims transformations 添加和删除 userIdentities 属性。 .

首先,声明一个 alternativeSecurityIds 声明:

<ClaimType Id="alternativeSecurityIds">
<DisplayName>Alternative Security IDs</DisplayName>
<DataType>alternativeSecurityIdCollection</DataType>
</ClaimType>

接下来,将 alternativeSecurityIds 声明作为输出声明添加到 the AAD-UserReadUsingObjectId technical profile ,获取用户的现有用户身份:

<TechnicalProfile Id="AAD-UserReadUsingObjectId">
<OutputClaims>
...
<OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" />
</OutputClaims>
</TechnicalProfile>

接下来,声明 AddAlternativeSecurityIdToAlternativeSecurityIds 声明转换,以将新的备用安全 ID 项添加到现有的备用安全 ID 集合中:

<ClaimsTransformation Id="AddAlternativeSecurityIdToAlternativeSecurityIds" TransformationMethod="AddItemToAlternativeSecurityIdCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="item" />
<InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
</OutputClaims>
</ClaimsTransformation>

接下来,将 AddAlternativeSecurityIdToAlternativeSecurityIds 声明转换添加为每个社交帐户声明提供程序的输出声明转换,以添加新的用户身份(由 CreateAlternativeSecurityId 创建) > 声明转换)到用户的现有用户身份(由 AAD-UserReadUsingObjectId 技术配置文件检索):

<ClaimsProvider>
<Domain>facebook.com</Domain>
<DisplayName>Facebook</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="Facebook-OAUTH">
<OutputClaimsTransformations>
...
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
<OutputClaimsTransformation ReferenceId="AddAlternativeSecurityIdToAlternativeSecurityIds" />
</OutputClaimsTransformations>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>

最后,不要引用 alternativeSecurityId 声明,而是引用 alternativeSecurityIds 声明,作为 the AAD-UserWriteUsingAlternativeSecurityId-ThrowIfNotExists technical profile 中的持久声明。 ,更新用户的现有用户身份:

<TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId-ThrowIfNotExists">
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="objectId" />
<PersistedClaim ClaimTypeReferenceId="alternativeSecurityIds" />
</PersistedClaims>
</TechnicalProfile>

关于azure - 通过自定义策略将多个社交帐户链接到 Azure B2C 本地帐户,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57109641/

37 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com