布尔型声明转换Boolean claims transformations
备注
在 Azure Active Directory B2C 中,custom policies 主要用于解决复杂方案。In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. 大多数情况下,建议使用内置的用户流。For most scenarios, we recommend that you use built-in user flows.
本文提供了在 Azure Active Directory B2C (Azure AD B2C) 中使用 Identity Experience Framework 架构的布尔型声明转换的示例。This article provides examples for using the boolean claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). 有关详细信息,请参阅 ClaimsTransformations。For more information, see ClaimsTransformations.
AndClaimsAndClaims
执行两个布尔型 inputClaims 的 And 运算并使用运算结果设置 outputClaim。Performs an And operation of two boolean inputClaims and sets the outputClaim with result of the operation.
| 项目Item | TransformationClaimTypeTransformationClaimType | 数据类型Data Type | 注释Notes |
|---|---|---|---|
| InputClaimInputClaim | inputClaim1inputClaim1 | booleanboolean | 第一个要评估的 ClaimType。The first ClaimType to evaluate. |
| InputClaimInputClaim | inputClaim2inputClaim2 | booleanboolean | 第二个要评估的 ClaimType。The second ClaimType to evaluate. |
| OutputClaimOutputClaim | outputClaimoutputClaim | booleanboolean | 调用此声明转换后将生成的 ClaimTypes(true 或 false)。The ClaimTypes that will be produced after this claims transformation has been invoked (true or false). |
以下声明转换演示如何执行两个布尔型 ClaimTypes 的 And 运算:isEmailNotExist 和 isSocialAccount。The following claims transformation demonstrates how to And two boolean ClaimTypes: isEmailNotExist, and isSocialAccount. 如果这两个输入声明的值为 true,则输出声明 presentEmailSelfAsserted 设置为 true。The output claim presentEmailSelfAsserted is set to true if the value of both input claims are true. 在业务流程步骤中,只有在社交帐户电子邮件为空的情况下,才可以使用前置条件来预设自断言页。In an orchestration step, you can use a precondition to preset a self-asserted page, only if a social account email is empty.
<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="AndClaims">
<InputClaims>
<InputClaim ClaimTypeReferenceId="isEmailNotExist" TransformationClaimType="inputClaim1" />
<InputClaim ClaimTypeReferenceId="isSocialAccount" TransformationClaimType="inputClaim2" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="presentEmailSelfAsserted" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
AndClaims 示例Example of AndClaims
- 输入声明:Input claims:
- inputClaim1: trueinputClaim1: true
- inputClaim2: falseinputClaim2: false
- 输出声明:Output claims:
- outputClaim: falseoutputClaim: false
AssertBooleanClaimIsEqualToValueAssertBooleanClaimIsEqualToValue
检查两个声明的布尔值是否相等,如果不等,将引发异常。Checks that boolean values of two claims are equal, and throws an exception if they are not.
| 项目Item | TransformationClaimTypeTransformationClaimType | 数据类型Data Type | 注释Notes |
|---|---|---|---|
| inputClaiminputClaim | inputClaiminputClaim | booleanboolean | 要断言的 ClaimType。The ClaimType to be asserted. |
| InputParameterInputParameter | valueToCompareTovalueToCompareTo | booleanboolean | 要比较的值(true 或 false)。The value to compare (true or false). |
AssertBooleanClaimIsEqualToValue 声明转换始终从验证技术配置文件执行,该文件由自断言技术配置文件调用。The AssertBooleanClaimIsEqualToValue claims transformation is always executed from a validation technical profile that is called by a self-asserted technical profile. UserMessageIfClaimsTransformationBooleanValueIsNotEqual 自断言技术配置文件元数据控制向用户显示的技术配置文件。The UserMessageIfClaimsTransformationBooleanValueIsNotEqual self-asserted technical profile metadata controls the error message that the technical profile presents to the user. 可以将错误消息本地化。The error messages can be localized.
以下声明转换演示如何检查带 true 值的布尔型 ClaimType 的值。The following claims transformation demonstrates how to check the value of a boolean ClaimType with a true value. 如果 accountEnabled ClaimType 的值为 false,则会引发错误消息。If the value of the accountEnabled ClaimType is false, an error message is thrown.
<ClaimsTransformation Id="AssertAccountEnabledIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="accountEnabled" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
</InputParameters>
</ClaimsTransformation>
login-NonInteractive 验证技术配置文件会调用 AssertAccountEnabledIsTrue 声明转换。The login-NonInteractive validation technical profile calls the AssertAccountEnabledIsTrue claims transformation.
<TechnicalProfile Id="login-NonInteractive">
...
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="AssertAccountEnabledIsTrue" />
</OutputClaimsTransformations>
</TechnicalProfile>
自断言技术配置文件调用验证 login-NonInteractive 技术配置文件。The self-asserted technical profile calls the validation login-NonInteractive technical profile.
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
<Metadata>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Custom error message if account is disabled.</Item>
</Metadata>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
AssertBooleanClaimIsEqualToValue 示例Example of AssertBooleanClaimIsEqualToValue
- 输入声明:Input claims:
- inputClaim: falseinputClaim: false
- valueToCompareTo: truevalueToCompareTo: true
- 结果:引发错误Result: Error thrown
CompareBooleanClaimToValueCompareBooleanClaimToValue
检查声明的布尔值是等于 true 还是 false,并返回压缩结果。Checks that boolean value of a claim is equal to true or false, and return the result of the compression.
| 项目Item | TransformationClaimTypeTransformationClaimType | 数据类型Data Type | 注释Notes |
|---|---|---|---|
| InputClaimInputClaim | inputClaiminputClaim | booleanboolean | 要断言的 ClaimType。The ClaimType to be asserted. |
| InputParameterInputParameter | valueToCompareTovalueToCompareTo | booleanboolean | 要比较的值(true 或 false)。The value to compare (true or false). |
| OutputClaimOutputClaim | compareResultcompareResult | booleanboolean | 调用此 ClaimsTransformation 后生成的 ClaimType。The ClaimType that is produced after this ClaimsTransformation has been invoked. |
以下声明转换演示如何检查带 true 值的布尔型 ClaimType 的值。The following claims transformation demonstrates how to check the value of a boolean ClaimType with a true value. 如果 IsAgeOver21Years ClaimType 的值等于 true,则声明转换返回 true,否则返回 false。If the value of the IsAgeOver21Years ClaimType is equal to true, the claims transformation returns true, otherwise false.
<ClaimsTransformation Id="AssertAccountEnabled" TransformationMethod="CompareBooleanClaimToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="IsAgeOver21Years" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="accountEnabled" TransformationClaimType="compareResult"/>
</OutputClaims>
</ClaimsTransformation>
CompareBooleanClaimToValue 示例Example of CompareBooleanClaimToValue
- 输入声明:Input claims:
- inputClaim: falseinputClaim: false
- 输入参数:Input parameters:
- valueToCompareTo: truevalueToCompareTo: true
- 输出声明:Output claims:
- compareResult: falsecompareResult: false
NotClaimsNotClaims
执行布尔型 inputClaim 的 Not 运算并使用运算结果设置 outputClaim。Performs a Not operation of the boolean inputClaim and sets the outputClaim with result of the operation.
| 项目Item | TransformationClaimTypeTransformationClaimType | 数据类型Data Type | 注释Notes |
|---|---|---|---|
| InputClaimInputClaim | inputClaiminputClaim | booleanboolean | 要运算的声明。The claim to be operated. |
| OutputClaimOutputClaim | outputClaimoutputClaim | booleanboolean | 调用此 ClaimsTransformation 后生成的 ClaimType(true 或 false)。The ClaimTypes that are produced after this ClaimsTransformation has been invoked (true or false). |
使用此声明转换对声明执行逻辑非运算。Use this claim transformation to perform logical negation on a claim.
<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="NotClaims">
<InputClaims>
<InputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="inputClaim" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
NotClaims 示例Example of NotClaims
- 输入声明:Input claims:
- inputClaim: falseinputClaim: false
- 输出声明:Output claims:
- outputClaim: trueoutputClaim: true
OrClaimsOrClaims
执行两个布尔型 inputClaims 的 Or 运算并使用运算结果设置 outputClaim。Computes an Or of two boolean inputClaims and sets the outputClaim with result of the operation.
| 项目Item | TransformationClaimTypeTransformationClaimType | 数据类型Data Type | 注释Notes |
|---|---|---|---|
| InputClaimInputClaim | inputClaim1inputClaim1 | booleanboolean | 第一个要评估的 ClaimType。The first ClaimType to evaluate. |
| InputClaimInputClaim | inputClaim2inputClaim2 | booleanboolean | 第二个要评估的 ClaimType。The second ClaimType to evaluate. |
| OutputClaimOutputClaim | outputClaimoutputClaim | booleanboolean | 调用此 ClaimsTransformation 后将生成的 ClaimTypes(true 或 false)。The ClaimTypes that will be produced after this ClaimsTransformation has been invoked (true or false). |
以下声明转换演示如何执行两个布尔型 ClaimTypes 的 Or 运算。The following claims transformation demonstrates how to Or two boolean ClaimTypes. 在业务流程步骤中,如果其中一个声明的值为 true,则可以使用前置条件来预设自断言页。In the orchestration step, you can use a precondition to preset a self-asserted page, if the value of one of the claims is true.
<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="OrClaims">
<InputClaims>
<InputClaim ClaimTypeReferenceId="isLastTOSAcceptedNotExists" TransformationClaimType="inputClaim1" />
<InputClaim ClaimTypeReferenceId="isLastTOSAcceptedGreaterThanNow" TransformationClaimType="inputClaim2" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="presentTOSSelfAsserted" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
OrClaims 示例Example of OrClaims
- 输入声明:Input claims:
- inputClaim1: trueinputClaim1: true
- inputClaim2: falseinputClaim2: false
- 输出声明:Output claims:
- outputClaim: trueoutputClaim: true