Json type claim in Azure AD B2C custom policies

一曲冷凌霜 submitted on 2019-12-24 12:04:47

Question


I am using Azure AD B2C custom policies to get claims from a third party and map it to the claims which are returned in the Azure AD B2C token.

If the third party returns claims in the form of a string, my user journey in the policy works fine. My problem is that the third party is returning the claims in the form of JSON. I couldn't find anything relevant in the B2C policy's XML schema that can handle this case.

Is there any way to do this using Azure AD B2C custom policies?


Answer 1:


Though I don't know what third-party identity provider you're using, I think you can add the provider by adding custom providers in custom policies.

First, according to your post, I assume that you're using the OAuth/OIDC provider.

Example: Add LinkedIn as an identity provider by using custom policies:

In the <ClaimsProviders> element, add the following XML snippet:

<ClaimsProvider>
  <Domain>linkedin.com</Domain>
  <DisplayName>LinkedIn</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LinkedIn-OAUTH">
      <DisplayName>LinkedIn</DisplayName>
      <Protocol Name="OAuth2" />
      <Metadata>
        <Item Key="ProviderName">linkedin</Item>
        <Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
        <Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
        <Item Key="ClaimsEndpoint">https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,headline)</Item>
        <Item Key="ClaimsEndpointAccessTokenName">oauth2_access_token</Item>
        <Item Key="ClaimsEndpointFormatName">format</Item>
        <Item Key="ClaimsEndpointFormat">json</Item>
        <Item Key="scope">r_emailaddress r_basicprofile</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">0</Item>
        <Item Key="client_id">Your LinkedIn application client ID</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedInSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
        <!--<OutputClaim ClaimTypeReferenceId="jobTitle" PartnerClaimType="headline" />-->
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Also, you can add <Item Key="AccessTokenResponseFormat">json</Item> to claim the JSON type of the endpoint.

You can see more details about Adding LinkedIn as an identity provider by using custom policies in this document.

Additional:

I don't know what third-party identity provider you're using; if it helps, please let me know.
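As an added illustration (not code from the question, the answer, or Azure AD B2C itself) of what the OutputClaims mapping and the ClaimsEndpointFormat=json setting express: a small Python mapper reads the OutputClaim elements from a constructed fragment of the profile above and applies them to a constructed JSON body of the kind a claims endpoint returns. Both the XML fragment and the JSON body are constructed samples, and the mapping logic is an approximation for explanation, not B2C's engine.

```python
import json
import xml.etree.ElementTree as ET

# Constructed fragment echoing the OutputClaims of the LinkedIn-OAUTH profile above.
PROFILE_XML = """
<TechnicalProfile Id="LinkedIn-OAUTH">
  <Metadata><Item Key="ClaimsEndpointFormat">json</Item></Metadata>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
    <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName" />
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="linkedin.com" />
  </OutputClaims>
</TechnicalProfile>
"""

# Constructed sample body from a JSON claims endpoint (the "headline" key is unmapped).
CLAIMS_BODY = '{"id": "abc123", "firstName": "Ada", "lastName": "Lovelace", "emailAddress": "ada@example.com", "headline": "Engineer"}'


def parse_output_claims(profile_xml):
    """Return (ClaimTypeReferenceId, PartnerClaimType, DefaultValue) triples."""
    root = ET.fromstring(profile_xml.strip())
    if root.findtext("./Metadata/Item[@Key='ClaimsEndpointFormat']") != "json":
        raise ValueError("this mapper only handles ClaimsEndpointFormat=json")
    return [(oc.get("ClaimTypeReferenceId"), oc.get("PartnerClaimType"), oc.get("DefaultValue"))
            for oc in root.findall("./OutputClaims/OutputClaim")]


def map_claims(profile_xml, body):
    """Map a JSON claims-endpoint body onto B2C claim types via PartnerClaimType."""
    payload = json.loads(body)  # a non-JSON body fails here instead of yielding garbage
    if not isinstance(payload, dict):
        raise ValueError("claims endpoint must return a JSON object")
    mapped = {}
    for claim_type, partner, default in parse_output_claims(profile_xml):
        value = payload.get(partner) if partner is not None else None
        if isinstance(value, (dict, list)):
            raise ValueError(f"{partner!r} is nested JSON; flatten it before mapping")
        if value is not None:
            mapped[claim_type] = str(value)  # scalar value carried over as text
        elif default is not None:
            mapped[claim_type] = default     # DefaultValue fills a missing claim
    return mapped
```

A claim the endpoint omits simply does not appear in the result unless the OutputClaim carries a DefaultValue, which is the case for identityProvider here.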



Source: https://stackoverflow.com/questions/48162534/json-type-claim-in-azure-ad-b2c-custom-policies
