StringCollection 声明转换StringCollection claims transformations

Note

在 Azure Active Directory B2C 中,custom policies 主要用于解决复杂方案。In Azure Active Directory B2C, custom policies are designed primarily to address complex scenarios. 大多数情况下,建议使用内置的用户流For most scenarios, we recommend that you use built-in user flows.

本文提供了在 Azure Active Directory B2C (Azure AD B2C) 中使用标识体验框架架构的字符串集合声明转换的示例。This article provides examples for using the string collection claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). 有关详细信息,请参阅 ClaimsTransformationsFor more information, see ClaimsTransformations.

AddItemToStringCollectionAddItemToStringCollection

将 string 声明添加到新的唯一值 stringCollection 声明。Adds a string claim to a new unique values stringCollection claim.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim itemitem stringstring 要添加到输出声明的 ClaimType。The ClaimType to be added to the output claim.
InputClaimInputClaim collectioncollection stringCollectionstringCollection [可选] 如果已指定,则声明转换会复制此集合中的项,并将该项添加到输出集合声明的末尾。[Optional] If specified, the claims transformation copies the items from this collection, and adds the item to the end of the output collection claim.
OutputClaimOutputClaim collectioncollection stringCollectionstringCollection 调用此声明转换后生成的 ClaimType,其值在输入声明中指定。The ClaimType that is produced after this claims transformation has been invoked, with the value specified in the input claim.

使用此声明转换将字符串添加到新的或现有的 stringCollection。Use this claims transformation to add a string to a new or existing stringCollection. 它通常用于 AAD-UserWriteUsingAlternativeSecurityId 技术配置文件。It's commonly used in a AAD-UserWriteUsingAlternativeSecurityId technical profile. 在创建新的社交帐户之前,CreateOtherMailsFromEmail 声明转换会读取 ClaimType,并将值添加到 otherMails ClaimType。Before a new social account is created, CreateOtherMailsFromEmail claims transformation reads the ClaimType and adds the value to the otherMails ClaimType.

以下声明转换会将 email ClaimType 添加到 otherMails ClaimType。The following claims transformation adds the email ClaimType to otherMails ClaimType.

<ClaimsTransformation Id="CreateOtherMailsFromEmail" TransformationMethod="AddItemToStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="item" />
    <InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • collection: ["someone@outlook.com"]collection: ["someone@outlook.com"]
    • item: "admin@contoso.com"item: "admin@contoso.com"
  • 输出声明:Output claims:
    • collection: ["someone@outlook.com", "admin@contoso.com"]collection: ["someone@outlook.com", "admin@contoso.com"]

AddParameterToStringCollectionAddParameterToStringCollection

将字符串参数添加到新的唯一值 stringCollection 声明。Adds a string parameter to a new unique values stringCollection claim.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim collectioncollection stringCollectionstringCollection [可选] 如果已指定,则声明转换会复制此集合中的项,并将该项添加到输出集合声明的末尾。[Optional] If specified, the claims transformation copies the items from this collection, and adds the item to the end of the output collection claim.
InputParameterInputParameter itemitem stringstring 要添加到输出声明的值。The value to be added to the output claim.
OutputClaimOutputClaim collectioncollection stringCollectionstringCollection 调用此声明转换后生成的 ClaimType,其值在输入参数中指定。The ClaimType that is produced after this claims transformation has been invoked, with the value specified in the input parameter.

使用此声明转换将字符串值添加到新的或现有的 stringCollection。Use this claims transformation to add a string value to a new or existing stringCollection. 以下示例将常量电子邮件地址 (admin@contoso.com) 添加到 otherMails 声明。The following example adds a constant email address (admin@contoso.com) to the otherMails claim.

<ClaimsTransformation Id="SetCompanyEmail" TransformationMethod="AddParameterToStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="item" DataType="string" Value="admin@contoso.com" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • collection: ["someone@outlook.com"]collection: ["someone@outlook.com"]
  • 输入参数Input parameters
    • item: "admin@contoso.com"item: "admin@contoso.com"
  • 输出声明:Output claims:
    • collection: ["someone@outlook.com", "admin@contoso.com"]collection: ["someone@outlook.com", "admin@contoso.com"]

GetSingleItemFromStringCollectionGetSingleItemFromStringCollection

从提供的字符串集合中获取第一项。Gets the first item from the provided string collection.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim collectioncollection stringCollectionstringCollection 由声明转换用于获取项的 ClaimTypes。The ClaimTypes that are used by the claims transformation to get the item.
OutputClaimOutputClaim extractedItemextractedItem stringstring 调用此 ClaimsTransformation 后生成的 ClaimType。The ClaimTypes that are produced after this ClaimsTransformation has been invoked. 集合中的第一项。The first item in the collection.

以下示例读取 otherMails 声明,并将第一项返回到 email 声明中。The following example reads the otherMails claim and return the first item into the email claim.

<ClaimsTransformation Id="CreateEmailFromOtherMails" TransformationMethod="GetSingleItemFromStringCollection">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="extractedItem" />
  </OutputClaims>
</ClaimsTransformation>

示例Example

  • 输入声明:Input claims:
    • collection: ["someone@outlook.com", "someone@contoso.com"]collection: ["someone@outlook.com", "someone@contoso.com"]
  • 输出声明:Output claims:
    • extractedItem: "someone@outlook.com"extractedItem: "someone@outlook.com"

StringCollectionContainsStringCollectionContains

检查 StringCollection 声明类型是否包含元素Checks if a StringCollection claim type contains an element

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim inputClaiminputClaim stringCollectionstringCollection 要搜索的声明类型。The claim type which is to be searched.
InputParameterInputParameter itemitem stringstring 要搜索的值。The value to search.
InputParameterInputParameter ignoreCaseignoreCase stringstring 指定此比较是否应忽略所比较字符串的大小写。Specifies whether this comparison should ignore the case of the strings being compared.
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 调用此 ClaimsTransformation 后生成的 ClaimType。The ClaimType that is produced after this ClaimsTransformation has been invoked. 布尔指示符(如果集合包含这样的字符串)A boolean indicator if the collection contains such a string

以下示例检查 roles stringCollection 声明类型是否包含 admin 值。Following example checks whether the roles stringCollection claim type contains the value of admin.

<ClaimsTransformation Id="IsAdmin" TransformationMethod="StringCollectionContains">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="roles" TransformationClaimType="inputClaim"/>
  </InputClaims>
  <InputParameters>
    <InputParameter  Id="item" DataType="string" Value="Admin"/>
    <InputParameter  Id="ignoreCase" DataType="string" Value="true"/>
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isAdmin" TransformationClaimType="outputClaim"/>
  </OutputClaims>
</ClaimsTransformation>
  • 输入声明:Input claims:
    • inputClaim: ["reader", "author", "admin"]inputClaim: ["reader", "author", "admin"]
  • 输入参数:Input parameters:
    • item:“Admin”item: "Admin"
    • ignoreCase: "true"ignoreCase: "true"
  • 输出声明:Output claims:
    • outputClaim: "true"outputClaim: "true"

StringCollectionContainsClaimStringCollectionContainsClaim

检查 StringCollection 声明类型是否包含声明值。Checks if a StringCollection claim type contains a claim value.

项目Item TransformationClaimTypeTransformationClaimType 数据类型Data Type 注释Notes
InputClaimInputClaim collectioncollection stringCollectionstringCollection 要搜索的声明类型。The claim type which is to be searched.
InputClaimInputClaim itemitem stringstring 包含要搜索的值的声明类型。The claim type that contains the value to search.
InputParameterInputParameter ignoreCaseignoreCase stringstring 指定此比较是否应忽略所比较字符串的大小写。Specifies whether this comparison should ignore the case of the strings being compared.
OutputClaimOutputClaim outputClaimoutputClaim booleanboolean 调用此 ClaimsTransformation 后生成的 ClaimType。The ClaimType that is produced after this ClaimsTransformation has been invoked. 布尔指示符(如果集合包含这样的字符串)A boolean indicator if the collection contains such a string

以下示例检查 roles stringCollection 声明类型是否包含 role 声明类型。Following example checks whether the roles stringCollection claim type contains the value of the role claim type.

<ClaimsTransformation Id="HasRequiredRole" TransformationMethod="StringCollectionContainsClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="roles" TransformationClaimType="collection" />
    <InputClaim ClaimTypeReferenceId="role" TransformationClaimType="item" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="hasAccess" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation> 
  • 输入声明:Input claims:
    • collection: ["reader", "author", "admin"]collection: ["reader", "author", "admin"]
    • item:“Admin”item: "Admin"
  • 输入参数:Input parameters:
    • ignoreCase: "true"ignoreCase: "true"
  • 输出声明:Output claims:
    • outputClaim: "true"outputClaim: "true"