我已按照此处提供的指南在 Azure AD B2C 中设置了自定义策略:
https://learn.microsoft.com/azure/active-directory-b2c/active-directory-b2c-setup-sf-app-custom
我实际上已将 IdP 设置为 SSOCircle 而不是 SalesForce,这似乎一直有效,直到重定向到服务提供商断言消费者 URL
我添加了 Application Insights 以便进行故障排除,异常详细信息如下:
A Claim of ClaimType with id "socialIdpUserId" was not found, which is required by the ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.CreateAlternativeSecurityIdTransformation" for TransformationMethod "CreateAlternativeSecurityId" referenced by the ClaimsTransformation with id "CreateAlternativeSecurityId" in policy "B2C_1A_TrustFrameworkBase" of tenant "TENANT.onmicrosoft.com".
如有任何帮助,我们将不胜感激。
最佳答案
根据错误,您的 <ClaimsProvider>缺少 socialIdpUserId宣称。这是因为 <OutputClaim>条目有 ClaimTypeReferenceId="socialIdPUserId"丢失或映射到 SSOCircle 未提供的 PartnerClaimType。
来自"Create the Salesforce SAML claims provider in your base policy" section在您引用的该文档中:
<ClaimsProvider>
<Domain>salesforce</Domain>
<DisplayName>Salesforce</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="salesforce">
<DisplayName>Salesforce</DisplayName>
<Description>Login with your Salesforce account</Description>
<Protocol Name="SAML2"/>
<Metadata>
<Item Key="RequestsSigned">false</Item>
<Item Key="WantsEncryptedAssertions">false</Item>
<Item Key="WantsSignedAssertions">false</Item>
<Item Key="PartnerEntity">https://contoso-dev-ed.my.salesforce.com/.well-known/samlidp.xml</Item>
</Metadata>
<CryptographicKeys>
<Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SAMLSigningCert"/>
<Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SAMLSigningCert"/>
</CryptographicKeys>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="userId"/>
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/>
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="username"/>
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="externalIdp"/>
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="SAMLIdp" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
关于Azure Active Directory - 自定义策略错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/45553943/