Azure B2C Check all of a user's groups - Stack Overflow

I have a custom policy where I retrieve the groups that a user belongs to; this can be 0 or many. The response from Microsoft Graph is an array of objects containing the group ids. I am attempting to check for the existence of a particular group id so I can conditionally apply MFA in a step before issuing tokens.

Unfortunately I can't figure out a way to go over all of a user's groups, only by explicitly checking indexes of the returned array. I think the problem is coming from the groups collection not being populated correctly. I am unsure if I can use value[*].id to get all the ids into an array.

<!-- REST technical profile that calls Graph and maps the response into the "groups" claim -->
<TechnicalProfile Id="Graph-GetUserGroups">
  <DisplayName>Get user's group memberships using Graph API</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">.0/users/{objectId}/memberOf?$select=id</Item>
    <Item Key="SendClaimsIn">Url</Item>
    <Item Key="AuthenticationType">Bearer</Item>
    <Item Key="UseClaimAsBearerToken">accessToken</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
    <Item Key="ClaimResolverUrlFormatting">true</Item>
    <!-- Needed so PartnerClaimType is treated as a JSON path into the response body -->
    <Item Key="ResolveJsonPathsInJsonTokens">true</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" />
    <InputClaim ClaimTypeReferenceId="accessToken" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="groups" PartnerClaimType="value[*].id" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

<!-- Collection claim that should receive every id from the Graph response -->
<ClaimType Id="groups">
  <DisplayName>Groups</DisplayName>
  <DataType>stringCollection</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="OAuth2" PartnerClaimType="groups" />
  </DefaultPartnerClaimTypes>
  <UserHelpText>The groups that the user is a member of.</UserHelpText>
</ClaimType>

<ClaimType Id="enforceMfa">
  <DisplayName>Enforce MFA for this user</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<!-- Sets enforceMfa to true when the MFA group's id is present in the collection -->
<ClaimsTransformation Id="CheckIfUserInMfaGroup" TransformationMethod="StringCollectionContains">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="groups" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <!-- Replace the placeholder with the object id (GUID) of the group that requires MFA -->
    <InputParameter Id="item" DataType="string" Value="&lt;group id&gt;" />
    <InputParameter Id="ignoreCase" DataType="string" Value="false" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="enforceMfa" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
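The check the policy above is trying to express, written out in plain Python as an added example (this is not code from the question or from Azure AD B2C). It builds a constructed Graph memberOf response body, extracts the ids the way the value[*].id path is meant to, and evaluates the same membership test that StringCollectionContains performs, including the cases a practitioner should think about: a user with zero memberships, non-group directory objects that memberOf also returns, and a paged response whose first page may not contain the MFA group. The group ids and the helper names are placeholders invented for the example.

```python
"""Reference model of the B2C group-to-MFA check (added example)."""
import json

# Constructed sample of a GET /users/{id}/memberOf?$select=id response.
# The ids are placeholders, not real tenant values. Note that memberOf
# returns directoryObjects of several kinds, not only groups.
SAMPLE_RESPONSE = json.dumps({
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects(id)",
    "value": [
        {"@odata.type": "#microsoft.graph.group",
         "id": "aaaaaaaa-0000-0000-0000-000000000001"},
        {"@odata.type": "#microsoft.graph.directoryRole",
         "id": "bbbbbbbb-0000-0000-0000-000000000002"},
        {"@odata.type": "#microsoft.graph.group",
         "id": "cccccccc-0000-0000-0000-000000000003"},
    ],
})

# Constructed second sample: a user with no memberships at all.
EMPTY_RESPONSE = json.dumps({"value": []})

# Constructed third sample: a paged response (Graph returns @odata.nextLink
# when there are more objects than fit in one page).
PAGED_RESPONSE = json.dumps({
    "value": [{"@odata.type": "#microsoft.graph.group",
               "id": "aaaaaaaa-0000-0000-0000-000000000001"}],
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/users/<id>/memberOf?$skiptoken=PLACEHOLDER",
})


def extract_group_ids(body: str, groups_only: bool = True) -> list:
    """Return the ids under value[*], i.e. what the policy's stringCollection
    claim should end up holding. By default only #microsoft.graph.group
    objects are kept, because a directory role id or administrative unit id
    should never satisfy a group-based MFA rule."""
    doc = json.loads(body)
    ids = []
    for obj in doc.get("value", []):  # empty list when the user has no memberships
        if groups_only and obj.get("@odata.type") != "#microsoft.graph.group":
            continue
        ids.append(obj["id"])
    return ids


def has_next_page(body: str) -> bool:
    """True when the response is only the first page. A check run against a
    single page can miss the MFA group; the REST technical profile does not
    follow @odata.nextLink, so a large membership list needs handling."""
    return "@odata.nextLink" in json.loads(body)


def string_collection_contains(collection, item: str, ignore_case: bool = False) -> bool:
    """Same semantics as the StringCollectionContains claims transformation."""
    if ignore_case:
        return any(s.lower() == item.lower() for s in collection)
    return item in collection


def enforce_mfa(body: str, mfa_group_id: str, ignore_case: bool = False) -> bool:
    """What the enforceMfa output claim should evaluate to for this response."""
    return string_collection_contains(extract_group_ids(body), mfa_group_id, ignore_case)


if __name__ == "__main__":
    mfa_group = "cccccccc-0000-0000-0000-000000000003"
    print("groups:", extract_group_ids(SAMPLE_RESPONSE))
    print("enforceMfa:", enforce_mfa(SAMPLE_RESPONSE, mfa_group))
    print("paged response incomplete:", has_next_page(PAGED_RESPONSE))
```

The groups_only filter matters because the policy's ServiceUrl calls memberOf rather than a groups-only endpoint, so the collection can contain ids of objects that are not groups; the paging check is the other silent failure mode, since a user in many groups may have the MFA group on a page the policy never fetches.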