Azure B2C: compare the user's password with the email prefix in the password reset journey using the "CompareClaims" transformation method



I want to use a claims transformation to satisfy a password complexity requirement. When a user goes through the password reset journey, I want to catch passwords that resemble the username by comparing the newPassword claim with an extension attribute that holds the user's email prefix, e.g. jdoe for jdoe@contoso.com. I don't want to use a REST technical profile.

Claims transformation

<ClaimsTransformation Id="CheckUserSuppliedPassword" TransformationMethod="CompareClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="newPassword" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="userEmailPrefix" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <!-- NOT EQUAL: outputClaim is true when the two values differ, so despite its
         name SameAsEmailPrefix is true for an acceptable password and false for a
         password equal to the email prefix (case-insensitive, exact match only) -->
    <InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="SameAsEmailPrefix" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

I added another technical profile (MyLocalAccountCheckUserPassword) that invokes the transformation. That technical profile is used as a validation technical profile of LocalAccountWritePasswordUsingObjectId, the local account claims provider's technical profile. Here are the two technical profiles.

<TechnicalProfile Id="MyLocalAccountCheckUserPassword">
  <DisplayName>Check User Password</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <InputClaim ClaimTypeReferenceId="reenterPassword" Required="false" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="newPassword"/>
    <OutputClaim ClaimTypeReferenceId="reenterPassword" />
    <!-- populated by the CompareClaims transformation below -->
    <OutputClaim ClaimTypeReferenceId="SameAsEmailPrefix"/>
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CheckUserSuppliedPassword"/>
  </OutputClaimsTransformations>
</TechnicalProfile>

<TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
  <DisplayName>Change password (username)</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
    <InputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
    <!-- ClaimTypeReferenceId must match the claim type exactly (was "sameAsEmailPrefix") -->
    <OutputClaim ClaimTypeReferenceId="SameAsEmailPrefix" Required="true" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <!-- run the check before the directory write so the password is only
         stored after it has passed the comparison -->
    <ValidationTechnicalProfile ReferenceId="MyLocalAccountCheckUserPassword" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

For now I just want to check what ends up in the SameAsEmailPrefix claim (true/false) to see whether the comparison behaves as expected, so I have added it as an output claim in the relying party technical profile. But after the password reset journey completes it does not show up as a claim. Eventually I want to show the user an error message on the local account sign-in screen.

Please help.

Add SameAsEmailPrefix as an output claim in the RelyingParty section of the custom policy file.
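As an added example (not the question's or the answer's policy), here is the shape the rest of the journey would take once the claim is surfaced: the comparison and an AssertBooleanClaimIsEqualToValue assertion run in a validation technical profile that executes before AAD-UserWritePasswordUsingObjectId, so a rejected password is never written, and the self-asserted page shows an error through the UserMessageIfClaimsTransformationBooleanValueIsNotEqual metadata item. The claim name passwordDiffersFromEmailPrefix, the technical profile Id ClaimsTransformation-AssertPasswordNotEmailPrefix and the error text are assumptions; the userEmailPrefix claim is assumed to have been read into the claims bag earlier in the journey (for example from the extension attribute via AAD-UserReadUsingObjectId).

```xml
<!-- Added example, not the poster's policy. Assumes userEmailPrefix is already
     in the claims bag when LocalAccountWritePasswordUsingObjectId runs. -->
<ClaimType Id="passwordDiffersFromEmailPrefix">
  <DisplayName>Password differs from email prefix</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<!-- NOT EQUAL: outputClaim is true when the password does not match the prefix.
     CompareClaims is an equality test (case-insensitive here), not a substring test. -->
<ClaimsTransformation Id="CheckUserSuppliedPassword" TransformationMethod="CompareClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="newPassword" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="userEmailPrefix" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="passwordDiffersFromEmailPrefix" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Fails the validation technical profile unless the boolean is true. -->
<ClaimsTransformation Id="AssertPasswordDiffersFromEmailPrefix" TransformationMethod="AssertBooleanClaimIsEqualToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="passwordDiffersFromEmailPrefix" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
  </InputParameters>
</ClaimsTransformation>

<!-- Validation step with no UI and no directory write: just the two transformations. -->
<TechnicalProfile Id="ClaimsTransformation-AssertPasswordNotEmailPrefix">
  <DisplayName>Assert password differs from email prefix</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="passwordDiffersFromEmailPrefix" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CheckUserSuppliedPassword" />
    <OutputClaimsTransformation ReferenceId="AssertPasswordDiffersFromEmailPrefix" />
  </OutputClaimsTransformations>
</TechnicalProfile>

<TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
  <DisplayName>Change password (username)</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
    <!-- Rendered on the page when AssertBooleanClaimIsEqualToValue fails. -->
    <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Your password must not be the same as the first part of your email address.</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
    <InputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
    <!-- Carried out of this step so it can be listed as a RelyingParty output claim. -->
    <OutputClaim ClaimTypeReferenceId="passwordDiffersFromEmailPrefix" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <!-- Order matters: assert first, write second. -->
    <ValidationTechnicalProfile ReferenceId="ClaimsTransformation-AssertPasswordNotEmailPrefix" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
```

Two caveats for anyone adopting this. CompareClaims only tests (case-insensitive) equality, so "jdoe" is rejected but "jdoe1" or "Jdoe!" pass; a real "password contains the username" rule needs a different mechanism. And the boolean should not be trusted as a relying-party claim beyond debugging: the enforcement point is the assertion in the validation technical profile, which blocks the write, not the value that reaches the token.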
