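I am following the answer here: Multi-tenant Azure AD authentication in Azure AD B2C with custom policies
and the walkthrough here: https://github.com/Azure-Samples/active-directory-b2c-advanced-policies/blob/0129fc013ae5e66a3ee0046a5d0db2e8120d8f8e/Walkthroughs/IdP-AzureAD.md
But I cannot sign in, and the error message looks something like this: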
AADB2C: An exception has occured. Correlation ID: <GUID>. Timestamp: <Time>
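Also, when looking at the walkthrough on the latest master, the entire page has been removed and now only contains a link to https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom, which does not show how to configure the ClaimsProvider for a multi-tenant Azure AD IdP.
The error message is not very helpful, and I am lost.
My technical profile is as follows: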
<ClaimsProvider>
  <Domain>AzureAD</Domain>
  <DisplayName>Login using Azure AD</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AzureADProfile">
      <DisplayName>Azure AD</DisplayName>
      <Description>Login with your Azure AD account</Description>
      <Protocol Name="OpenIdConnect"/>
      <OutputTokenFormat>JWT</OutputTokenFormat>
      <Metadata>
        <Item Key="DiscoverMetadataByTokenIssuer">true</Item>
        <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/</Item>
        <Item Key="authorization_endpoint">https://login.windows.net/common/oauth2/v2.0/authorize</Item>
        <Item Key="client_id">MyAzureADB2CAppId</Item>
        <Item Key="IdTokenAudience">MyAzureADB2CAppId</Item>
        <Item Key="response_types">id_token</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <Item Key="BearerTokenTransmissionMethod">AuthorizationHeader</Item>
        <Item Key="scope">openid</Item>
        <Item Key="HttpBinding">POST</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_B2CSecret"/>
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="oid"/>
        …