我有一个用于用户邀请的自定义策略:用户会收到一封包含链接的电子邮件,该链接中带有一个令牌。我的需求是向用户展示两个选项:
下面是我的用户旅程:
<UserJourneys>
<UserJourney Id="SignInWithInvitationLink">
<OrchestrationSteps>
  <!--
    Invitation sign-in flow. Steps 1 to 5 load the invited user from the token in the
    link, steps 6 to 12 let the user redeem the invitation (set a local password or
    use an external identity provider), steps 13 to 20 read and update the directory,
    and step 21 issues the token.

    NOTE(review): when extension_isinvitationaccepted equals True, steps 6 to 12 and
    15 are skipped. Judging by the technical profile names alone, none of the steps
    that still run collects a credential before step 21 issues a token. Confirm that
    a referenced technical profile rejects or re-authenticates a link whose
    invitation was already accepted, and that the link token has a short lifetime.
  -->

  <!-- Step 1: read the claims carried by the token in the invitation link.
       NOTE(review): IdTokenHint_ExtractClaims is defined elsewhere; confirm it
       validates the token's signature, issuer, audience and expiry, because every
       later step trusts the claims it returns. -->
  <OrchestrationStep Order="1" Type="GetClaims" CpimIssuerTechnicalProfileReferenceId="IdTokenHint_ExtractClaims"/>

  <!-- Step 2: runs only when step 1 produced no email claim. -->
  <OrchestrationStep Order="2" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
        <Value>email</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="SelfAsserted-Unsolicited" TechnicalProfileReferenceId="SelfAsserted-Unsolicited"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 3: look up the user's invitation status by email address.
       Presumably this is where extension_isinvitationaccepted is loaded; verify
       against the technical profile. -->
  <OrchestrationStep Order="3" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserReadUsingEmailAddress"
                      TechnicalProfileReferenceId="AAD-UserInvitationStatusReadUsingEmailAddress"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 4: always runs; calls the CopyUserUPN technical profile. -->
  <OrchestrationStep Order="4" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="Copy-UPN" TechnicalProfileReferenceId="CopyUserUPN"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 5: runs only when no userPrincipalName claim exists after step 4. -->
  <OrchestrationStep Order="5" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
        <Value>userPrincipalName</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="SelfAssertedUserNotFound" TechnicalProfileReferenceId="SelfAsserted-UserNotFound"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 6: selection page, skipped once the invitation is accepted. Each
       TargetClaimsExchangeId has to match a ClaimsExchange Id in the step that
       runs next (step 7). -->
  <OrchestrationStep Order="6" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsProviderSelections>
      <ClaimsProviderSelection TargetClaimsExchangeId="LocalAccountChangePassword"/>
      <ClaimsProviderSelection TargetClaimsExchangeId="AzureADExchangeWithAADtoken"/>
    </ClaimsProviderSelections>
  </OrchestrationStep>

  <!-- Step 7: executes the exchange chosen in step 6; carries the same skip
       condition as step 6 so the two stay in lockstep.
       NOTE(review): the error quoted on this page names the Id
       'AADUserReadUsingEmailAddress' for step 7, yet in this listing that Id sits in
       step 3. The policy the service evaluated may therefore differ from this
       listing; compare it with the effective (merged) policy. -->
  <OrchestrationStep Order="7" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="LocalAccountChangePassword" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingUPN"/>
      <ClaimsExchange Id="AzureADExchangeWithAADtoken" TechnicalProfileReferenceId="EmailValidator"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Steps 8 to 10: one external sign-in each. A step runs only while the
       invitation is not yet accepted and the provider claim equals the value
       listed (ExecuteActionsIf="false" skips the step on any other value). -->
  <OrchestrationStep Order="8" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>provider</Value>
        <Value>Microsoft</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserLogin" TechnicalProfileReferenceId="AzureADProfile_issueAADtoken"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <OrchestrationStep Order="9" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>provider</Value>
        <Value>Google</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="GoogleUserLogin" TechnicalProfileReferenceId="Google-OAuth2"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <OrchestrationStep Order="10" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>provider</Value>
        <Value>Facebook</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="FacebookLogin" TechnicalProfileReferenceId="Facebook-OAUTH"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 11: for external IDP authentication, attempt to find the user account in
       the directory. Skipped when the invitation is accepted or when
       authenticationSource is localAccountAuthentication. -->
  <OrchestrationStep Order="11" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>authenticationSource</Value>
        <Value>localAccountAuthentication</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserReadUsingAlternativeSecurityId"
                      TechnicalProfileReferenceId="AAD-UserReadUsingAlternativeSecurityId-NoError"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 12: runs only while the invitation is not accepted and no objectId claim
       exists yet. -->
  <OrchestrationStep Order="12" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
        <Value>objectId</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="SelfAsserted-Social" TechnicalProfileReferenceId="SelfAsserted-Social"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 13: skipped only for socialIdpAuthentication. It has no
       invitation-accepted precondition, so it also runs for an accepted link. -->
  <OrchestrationStep Order="13" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>authenticationSource</Value>
        <Value>socialIdpAuthentication</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserReadWithEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 14: directory write that runs whenever no objectId claim exists. It is
       not limited by authenticationSource or by the invitation status. -->
  <OrchestrationStep Order="14" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
        <Value>objectId</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserWrite" TechnicalProfileReferenceId="AAD-UserWriteUsingAlternativeSecurityId"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 15: runs only while the invitation is not accepted and
       authenticationSource is socialIdpAuthentication; updates the invitation
       status through the UPN-based technical profile.
       NOTE(review): no step shown here compares the identity returned by the
       external provider with the invited email from step 1. Confirm that a
       referenced technical profile (EmailValidator is a candidate by name) enforces
       that binding before the invitation is marked as used. -->
  <OrchestrationStep Order="15" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
        <Value>extension_isinvitationaccepted</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>authenticationSource</Value>
        <Value>socialIdpAuthentication</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="LocalAccountChangeInvitationStatus"
                      TechnicalProfileReferenceId="LocalAccountWriteInvitationStatusUsingUPN"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 16: social path only, and only when an email claim exists. -->
  <OrchestrationStep Order="16" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
        <Value>email</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>authenticationSource</Value>
        <Value>socialIdpAuthentication</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserReadWithSocialEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 17: social path only, and only when signInNames.emailAddress exists. -->
  <OrchestrationStep Order="17" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
        <Value>signInNames.emailAddress</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>authenticationSource</Value>
        <Value>socialIdpAuthentication</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserReadWithSignInEmailAddress"
                      TechnicalProfileReferenceId="AAD-UserReadUsingSignInEmailAddress"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Steps 18 to 20 have no preconditions and run on every path that reaches them. -->
  <OrchestrationStep Order="18" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="CreateCustomerMapping" TechnicalProfileReferenceId="REST-CreateCustomerUserMappingInvitation"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <OrchestrationStep Order="19" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="GetCurrentUserTime" TechnicalProfileReferenceId="GetCurrentTime"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <OrchestrationStep Order="20" Type="ClaimsExchange">
    <ClaimsExchanges>
      <ClaimsExchange Id="AADUserWriteLastLogin" TechnicalProfileReferenceId="AAD-UserWriteLastLogin"/>
    </ClaimsExchanges>
  </OrchestrationStep>

  <!-- Step 21: issue the token to the relying party through JwtIssuer. -->
  <OrchestrationStep Order="21" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
</OrchestrationSteps>
<ClientDefinition ReferenceId="DefaultWeb"/>
</UserJourney>
现在,我的问题是:当我打开电子邮件中的链接时,B2C 会显示一条通用的错误消息,比如“出了问题”。编排步骤 6 允许用户选择是更改密码还是使用其他提供程序。我使用 Application Insights 得到了以下错误:
{
"Kind": "FatalException",
"Content": {
"Time": "6:47 PM",
"Exception": {
"Kind": "Handled",
"HResult": "80131509",
"Message": "Claims exchange with id 'AADUserReadUsingEmailAddress' could not be found in orchestration step '7' and the step contains more than one claims exchange.",
"Data": {}
}
}}
发布于 2022-03-20 22:40:46
出现此错误的原因可能是:您在两个文件(基础/扩展策略文件和依赖方策略文件)中都写入了用户旅程 ID。如果某个 ID 在两个文件中相同,请尝试在其中一个文件中把它改成别的值(尽量避免重复的用户旅程)。或者尝试将用户旅程移到下一步,或者放到基础文件的步骤结束之后。
只有当步骤编号和 ClaimsExchange ID 都唯一时,它才会被接受;否则它会被当作另一个 ClaimsExchange 来处理,并且会发生错误。
参考资料:
https://stackoverflow.com/questions/71517743