Microsoft文档中B2C重置密码流不起作用
提问于 2021-06-21 21:49:54
我遵循microsoft为自定义策略模板和初学者包提供的配置示例(请注意,初学者包在1.0.0版上仍然具有API页面布局的所有模板)。我已经将流程更新为模板2.1.4(最新版本),以及1.2.1或微软在此页面上推荐的其他版本:https://docs.microsoft.com/en-us/azure/active-directory-b2c/contentdefinitions#migrating-to-page-layout。
但是,每次上传完我的3个自定义策略(base、extension、signupsignin)后点击忘记密码链接时,我在appInsights实例中都会收到以下错误:
在租户"yourTenant.onmicrosoft.com“的id为"AAD-UserReadUsingAlternativeSecurityId-NoError”策略"B2C_1A_signup_signin“的技术配置文件中定义的id为"alternativeSecurityId”的查找索赔中找不到索赔。
注意:我在这里输入了“Note tenant”,但它显然不是我的租户姓名。登录流程以及我对策略所做的任何其他自定义都工作正常。我甚至回过头来将策略设置为不进行任何自定义,只是尝试设置密码重置流程,但仍然没有可用的示例。
不幸的是,没有太多的信息在那里帮助我解决这个错误,所以我想问社区一些指针或如果有人有一个重置策略的这一部分的工作示例,如果不只是考虑为重置密码创建一个标准的userJourney,因为推荐的版本显然不起作用。
回答 1
Stack Overflow用户
回答已采纳
发布于 2021-06-22 16:48:25
好了,经过两天的反复试验,我终于让它工作了。因此,说明中缺少一个步骤。在用于忘记密码的索赔交换之后,但在调用子旅程之前,您实际上必须调用索赔交换。话虽如此,我还是这样做的:
<!--This step will trigger the actual forgot password exchange and show us the page from the integrated policy.-->
<OrchestrationStep Order="4" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="ForgotPasswordXchange" TechnicalProfileReferenceId="ForgotPassword" />
</ClaimsExchanges><!--Id must be unique-->
</OrchestrationStep>
如果有人想要更正一些东西,或者发送更新或建议,这就是我的用户之旅最终是什么样子,以及我的子旅程:
<UserJourneys>
<UserJourney Id="CustomSignUpOrSignIn">
<OrchestrationSteps>
<!-- HRD initialization -->
<!-- Changes based off of <UserJourney Id="HRD_Internal"> -->
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="HRD" TechnicalProfileReferenceId="HRD_Function" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<Preconditions>
<!--
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>idp</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
-->
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idpHint</Value>
<Value></Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="TestExchange1" />
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
<ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- Check if the user has selected to sign in using one of the social providers -->
<OrchestrationStep Order="3" Type="ClaimsExchange">
<Preconditions>
<!--
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>idp</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
-->
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idpHint</Value>
<Value></Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="TestExchange1" TechnicalProfileReferenceId="ConcentrixAD-OpenIdConnect" />
<ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
<ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword" />
</ClaimsExchanges>
</OrchestrationStep>
<!--This step will trigger the actual forgot password exchange and show us the page from the integrated policy.-->
<OrchestrationStep Order="4" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword" />
</ClaimsExchanges> <!--Id must be unique-->
</OrchestrationStep>
<OrchestrationStep Order="5" Type="InvokeSubJourney">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
<Value>isForgotPassword</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<JourneyList>
<Candidate SubJourneyReferenceId="PasswordReset" />
</JourneyList>
</OrchestrationStep>
<OrchestrationStep Order="6" Type="ClaimsExchange" ContentDefinitionReferenceId="api.signuporsignin">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idpHint</Value>
<Value>okta</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="HintedOktaSAMLExchange" TechnicalProfileReferenceId="Okta-SAML2" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- For social IDP authentication, attempt to find the user account in the directory. -->
<OrchestrationStep Order="7" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>authenticationSource</Value>
<Value>localAccountAuthentication</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadUsingAlternativeSecurityId" TechnicalProfileReferenceId="AAD-UserReadUsingAlternativeSecurityId-NoError" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- Show self-asserted page only if the directory does not have the user account already (i.e. we do not have an objectId).
This can only happen when authentication happened using a social IDP. If local account was created or authentication done
using ESTS in step 2, then an user account must exist in the directory by this time. -->
<OrchestrationStep Order="8" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SelfAsserted-Social" TechnicalProfileReferenceId="SelfAsserted-Social" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- This step reads any user attributes that we may not have received when authenticating using ESTS so they can be sent
in the token. -->
<OrchestrationStep Order="9" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>authenticationSource</Value>
<Value>socialIdpAuthentication</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
<!-- The previous step (SelfAsserted-Social) could have been skipped if there were no attributes to collect
from the user. So, in that case, create the user in the directory if one does not already exist
(verified using objectId which would be set from the last step if account was created in the directory. -->
<OrchestrationStep Order="10" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="AADUserWrite" TechnicalProfileReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="11" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
</UserJourneys>
<SubJourneys>
<SubJourney Id="PasswordReset" Type="Call">
<OrchestrationSteps>
<!--Validate user's email address. Run this step only when user resets the password-->
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
</ClaimsExchanges>
</OrchestrationStep>
<!--Collect and persist a new password. Run this step only when user resets the password-->
<OrchestrationStep Order="2" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
</ClaimsExchanges>
</OrchestrationStep>
</OrchestrationSteps>
</SubJourney>
</SubJourneys>
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/68075125
复制相关文章
![[Python开发技巧]·解决Django render() got an unexpected keyword argument 'renderer'问题](https://ask.qcloudimg.com/http-save/yehe-2144603/mb8w9ththc.jpeg)
腾讯云开发者
