我为一个 SP 编写了一个 B2C SAML 自定义策略(CustomPolicy),其中定义了一些 OutputClaims。现在我想发送一个带有一定逻辑的声明,因此尝试使用 OutputClaimsTransformations。
我的场景:对克罗地亚用户要发送声明 “ABCString: 0,1”,对德国用户发送 “ABCString: 0,2”。其中 0 是我始终需要发送的默认值,后一个值应取决于国家/地区。因此我创建了一个转换来设置默认值,再创建一个转换来获取依赖国家/地区的值,然后把两者合并到一个集合中,最后把该集合连接成一个字符串。XML 附在下面。
问题是:“ABCString” 从未发送到应用程序,使用了 ClaimsTransformations 的 OutputClaims 完全没有生效。我找到的所有示例都位于 Extension 或 Base 文件中,并且使用的是 “persistent” 字段。而我只想在请求时按需构建这个值。
对此有一些想法吗?
我的xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Relying-party policy for a SAML2 application. It inherits from B2C_1A_TrustFrameworkExtensions (BasePolicy below);
     the ABC* claim types, the four transformations and the SAML2 issuer profile are all declared inline in this file. -->
<TrustFrameworkPolicy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
PolicySchemaVersion="0.3.0.0"
TenantId="xxx.onmicrosoft.com"
PolicyId="B2C_1A_signup_signin_xxx-test"
PublicPolicyUri="http://xxx.onmicrosoft.com/B2C_1A_signup_signin_xxx-test" >
<BasePolicy>
<TenantId>xxx.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
</BasePolicy>
<BuildingBlocks>
<ClaimsSchema>
<!-- ABCCollection is the working stringCollection; ABCString is the final comma-joined string meant for the SP;
     DEFString receives the per-country value; GHIString is only emitted with a fixed DefaultValue further down. -->
<ClaimType Id="ABCCollection">
<DisplayName>abc</DisplayName>
<DataType>stringCollection</DataType>
<UserHelpText>abc.</UserHelpText>
</ClaimType>
<ClaimType Id="ABCString">
<DisplayName>abcs</DisplayName>
<DataType>string</DataType>
<UserHelpText>abcs.</UserHelpText>
</ClaimType>
<ClaimType Id="DEFString">
<DisplayName>defs</DisplayName>
<DataType>string</DataType>
<UserHelpText>defs</UserHelpText>
</ClaimType>
<ClaimType Id="GHIString">
<DisplayName>ghis</DisplayName>
<DataType>string</DataType>
<UserHelpText>ghis.</UserHelpText>
</ClaimType>
</ClaimsSchema>
<ClaimsTransformations>
<!-- SetDefault: appends the literal "0" to the collection.
     NOTE(review): the "collection" input references ABCString, which is declared above as DataType string,
     while the "collection" output is ABCCollection (stringCollection). AddParameterToStringCollection presumably
     reads and writes the same stringCollection claim, so the input should be ABCCollection as well; confirm
     against the validation errors reported when the policy is uploaded. -->
<ClaimsTransformation Id="SetDefault" TransformationMethod="AddParameterToStringCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="ABCString" TransformationClaimType="collection" />
</InputClaims>
<InputParameters>
<InputParameter Id="item" DataType="string" Value="0" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="ABCCollection" TransformationClaimType="collection" />
</OutputClaims>
</ClaimsTransformation>
<!-- GetCountrySpecific: the value of extension_country selects the InputParameter whose Id matches it
     (CROATIA gives "1", GERMANY gives "2"). Only these two ids are mapped; any other value presumably leaves
     DEFString unset (LookupValue has an errorOnFailedLookup parameter if that should fail loudly instead).
     Because this value ends up in the SP's assertion, extension_country must be a trusted attribute: set by an
     administrator or a verified step, not a free-form field the user can edit. -->
<ClaimsTransformation Id="GetCountrySpecific" TransformationMethod="LookupValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_country" TransformationClaimType="inputParameterId" />
</InputClaims>
<InputParameters>
<InputParameter Id="CROATIA" DataType="string" Value="1" />
<InputParameter Id="GERMANY" DataType="string" Value="2" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="DEFString" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
<!-- MergeDefaultWithCountry: appends DEFString as an item to ABCCollection. It has to run after SetDefault so the
     collection holds ("0", country value) in that order before it is joined. -->
<ClaimsTransformation Id="MergeDefaultWithCountry" TransformationMethod="AddItemToStringCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="DEFString" TransformationClaimType="item" />
<InputClaim ClaimTypeReferenceId="ABCCollection" TransformationClaimType="collection" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="ABCCollection" TransformationClaimType="collection" />
</OutputClaims>
</ClaimsTransformation>
<!-- ConvertTeamCollectionToString: StringJoin of ABCCollection with "," into ABCString, i.e. "0,1" or "0,2".
     (The Id still says "Team"; renaming it to match ABC would avoid confusion.) -->
<ClaimsTransformation Id="ConvertTeamCollectionToString" TransformationMethod="StringJoin">
<InputClaims>
<InputClaim ClaimTypeReferenceId="ABCCollection" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter DataType="string" Id="delimiter" Value="," />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="ABCString" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
</ClaimsTransformations>
<ContentDefinitions>
<!-- Custom sign-in page loaded from api.contoso.com. Together with ScriptExecution set to Allow in the RelyingParty
     section, any JavaScript on that page runs inside the B2C sign-in UI, so the hosting origin (HTTPS, CORS, who is
     allowed to publish to it) is part of the authentication trust boundary. -->
<ContentDefinition Id="api.signuporsignin">
<LoadUri>https://api.contoso.com/test/azure/html/xxx.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:1.2.0</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
</ContentDefinition>
</ContentDefinitions>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<Domain>app.contoso.com</Domain>
<DisplayName>SAML2 for App</DisplayName>
<TechnicalProfiles>
<!-- SAML2 token issuer profile referenced by the SendClaims step of the journey below. Metadata, assertion and
     message signing all use the same certificate (B2C_1A_mycert). ABCString is not among the OutputClaims here either. -->
<TechnicalProfile Id="Saml2App">
<DisplayName>SAML2 for App</DisplayName>
<Protocol Name="None" />
<OutputTokenFormat>SAML2</OutputTokenFormat>
<Metadata>
<Item Key="IssuerUri">https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_signup_signin_xxx-test</Item>
</Metadata>
<CryptographicKeys>
<Key Id="MetadataSigning" StorageReferenceId="B2C_1A_mycert"/>
<Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_mycert"/>
<Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_mycert"/>
</CryptographicKeys>
<InputClaims/>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml"/>
</TechnicalProfile>
<!-- SAML SSO session provider used by Saml2App. -->
<TechnicalProfile Id="SM-Saml">
<DisplayName>Session Management Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
<!-- Sign-up-or-sign-in journey. The technical profiles referenced in steps 1 to 3 (SelfAsserted-LocalAccountSignin-Email,
     LocalAccountSignUpWithLogonEmail, AAD-UserReadUsingObjectId) are not defined in this file; presumably they come from
     the base/extension policies. None of these steps runs the ABC* transformations declared above. -->
<UserJourney Id="SignUpOrSignInSAML2App">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- Step 2 is skipped for an existing user (objectId already present after step 1). -->
<OrchestrationStep Order="2" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="Saml2App" />
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
</UserJourneys>
<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInSAML2App" />
<UserJourneyBehaviors>
<ScriptExecution>Allow</ScriptExecution>
</UserJourneyBehaviors>
<!-- NOTE(review): ABCString is not listed in the OutputClaims of this profile, so it cannot appear in the assertion
     regardless of the transformations. Also confirm that OutputClaimsTransformations declared on the RelyingParty
     profile are executed at all; the usual pattern is to run them from a ClaimsTransformation technical profile in
     the user journey and then list ABCString as a plain OutputClaim here. -->
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="SAML2"/>
<Metadata>
<!-- PartnerEntity carries the SP's SAML metadata inline (placeholder here); presumably it pins the SP's entityID,
     endpoints and signing certificate, so it has to be updated whenever the SP rotates its certificate. -->
<Item Key="PartnerEntity"><![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="yes" ?><some definition>]]></Item>
<Item Key="client_id">xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</Item>
<Item Key="IdTokenAudience">yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy</Item>
<!-- SHA-256 for the XML signatures; keep this rather than falling back to SHA-1. -->
<Item Key="XmlSignatureAlgorithm">Sha256</Item>
</Metadata>
<CryptographicKeys>
<Key Id="MetadataSigning" StorageReferenceId="B2C_1A_mycert"/>
<Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_mycert"/>
<Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_mycert"/>
</CryptographicKeys>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="" />
<OutputClaim ClaimTypeReferenceId="GHIString" DefaultValue="123" />
<OutputClaim ClaimTypeReferenceId="extension_country" />
</OutputClaims>
<!-- Intended order: lookup the country value, seed the collection with "0", append the country value, join. -->
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="GetCountrySpecific" />
<OutputClaimsTransformation ReferenceId="SetDefault" />
<OutputClaimsTransformation ReferenceId="MergeDefaultWithCountry" />
<OutputClaimsTransformation ReferenceId="ConvertTeamCollectionToString" />
</OutputClaimsTransformations>
<!-- NOTE(review): as far as I know ClaimType here is matched against the PartnerClaimType of one of the OutputClaims;
     none of the claims above is mapped to "Email", so verify that the NameID actually resolves (e.g. by adding
     PartnerClaimType="Email" to the e-mail claim). -->
<SubjectNamingInfo ClaimType="Email" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" ExcludeAsClaim="false"/>
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
我认为依赖方(RelyingParty)技术配置文件(TechnicalProfile)不会执行任何输出声明转换。
相反,您必须在用户旅程(UserJourney)中调用这些输出声明转换,如下所示。
<!-- Claims-transformation technical profile: it talks to no external provider, it only runs the listed
     OutputClaimsTransformations in order and writes ABCString into the claims bag. Place it inside the
     TechnicalProfiles element of a ClaimsProvider. SM-Noop is not defined on this page; presumably it comes from
     the base policy. ABCString must additionally be listed as an OutputClaim of the RelyingParty profile to be emitted. -->
<TechnicalProfile Id="ClaimsTransformation-CreateABCStringClaim">
<DisplayName>Create ABCString Claim</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="ABCString" />
</OutputClaims>
<!-- Same order as in the question: lookup country value, seed "0", append country value, join with ",". -->
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="GetCountrySpecific" />
<OutputClaimsTransformation ReferenceId="SetDefault" />
<OutputClaimsTransformation ReferenceId="MergeDefaultWithCountry" />
<OutputClaimsTransformation ReferenceId="ConvertTeamCollectionToString" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
<!-- Insert this step after AAD-UserReadUsingObjectId (step 3) so that extension_country is presumably already in the
     claims bag when GetCountrySpecific runs, and renumber the existing SendClaims step from Order="4" to Order="5":
     two steps in one journey cannot share the same Order. -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="ClaimsTransformation-CreateABCStringClaim" TechnicalProfileReferenceId="ClaimsTransformation-CreateABCStringClaim" />
</ClaimsExchanges>
</OrchestrationStep>