ClaimsProvidersClaimsProviders

Note

在 Azure Active Directory B2C 中,custom policies 主要用于解决复杂方案。In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. 大多数情况下,建议使用内置的用户流For most scenarios, we recommend that you use built-in user flows.

一个声明提供程序可以包含一组技术配置文件A claims provider contains a set of technical profiles. 每个声明提供程序必须包含一个或多个用于确定终结点的技术配置文件,以及与该声明提供程序通信所需的协议。Every claims provider must have one or more technical profiles that determine the endpoints and the protocols needed to communicate with the claims provider. 一个声明提供程序可以包含多个技术配置文件。A claims provider can have multiple technical profiles. 例如,由于声明提供程序需要支持多个协议和具有不同功能的各种终结点,或者需要在不同的保障级别发布不同的声明,因此可以定义多个技术配置文件。For example, multiple technical profiles may be defined because the claims provider supports multiple protocols, various endpoints with different capabilities, or releases different claims at different assurance levels. 可以接受在一个用户旅程中发布敏感声明,但不接受在另一个用户旅程中发布此类声明。It may be acceptable to release sensitive claims in one user journey, but not in another.

<ClaimsProviders>
  <ClaimsProvider>
    <Domain>Domain name</Domain>
    <DisplayName>Display name</DisplayName>
    <TechnicalProfiles>
      </TechnicalProfile>
        ...
      </TechnicalProfile>
        ...
    </TechnicalProfiles>
  </ClaimsProvider>
  ...
</ClaimsProviders>

ClaimsProviders 元素包含以下元素:The ClaimsProviders element contains the following element:

元素Element 出现次数Occurrences 说明Description
ClaimsProviderClaimsProvider 1:n1:n 经认可的声明提供程序,可在各种用户旅程中使用。An accredited claims provider that can be leveraged in various user journeys.

ClaimsProviderClaimsProvider

ClaimsProvider 元素包含以下子元素:The ClaimsProvider element contains the following child elements:

元素Element 出现次数Occurrences 说明Description
Domain 0:10:1 一个字符串,包含声明提供程序的域名。A string that contains the domain name for the claim provider. 此域名用于声明提供程序中定义的所有技术配置文件,除非被技术配置文件覆盖。This domain name is used for all technical profiles defined in the claims provider unless overridden by the technical profile. 域名也可以在 domain_hint 中引用。The domain name can also be referenced in a domain_hint. 有关详细信息,请参阅使用 Azure Active Directory B2C 设置直接登录将登录重定向到社交提供者部分。For more information, see the Redirect sign-in to a social provider section of Set up direct sign-in using Azure Active Directory B2C.
DisplayNameDisplayName 1:11:1 一个包含声明提供程序名称的字符串。A string that contains the name of the claims provider.
技术配置文件TechnicalProfiles 0:10:1 声明提供程序支持的一组技术配置文件A set of technical profiles supported by the claim provider

ClaimsProvider 可组织技术配置文件与声明提供程序的关联方式。ClaimsProvider organizes how your technical profiles relate to the claims provider. 以下示例显示了使用 Azure Active Directory 技术配置文件的 Azure Active Directory 声明提供程序:The following example shows the Azure Active Directory claims provider with the Azure Active Directory technical profiles:

<ClaimsProvider>
  <DisplayName>Azure Active Directory</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-Common">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserReadUsingAlternativeSecurityId">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserReadUsingAlternativeSecurityId-NoError">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
      ...
    </TechnicalProfile>
      ...
    <TechnicalProfile Id="AAD-UserWritePasswordUsingObjectId">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserWriteProfileUsingObjectId">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
      ...
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserWritePhoneNumberUsingObjectId">
      ...
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>