Не удалось найти утверждение для запроса поиска с идентификатором "objectId", определенным в техническом профиле с политикой идентификатора "AAD-UserReadUsingObjectId"

Question

Я следил за статьей B2C - ADFS.

Я подключаюсь к ADFS, успешно аутентифицируюсь, но затем B2C выдает вышеуказанную ошибку.

Я использую последний шаблон SocialandLocalAccounts.

Мой XML в расширениях XML.

<ClaimsProvider>
            <Domain>ABC.com</Domain>
            <DisplayName>ABC ADFS</DisplayName>
            <TechnicalProfiles>
                <TechnicalProfile Id="ABC-SAML2">
                    <DisplayName>ABC staff</DisplayName>
                    <Description>Login with your ADFS account</Description>
                    <Protocol Name="SAML2"/>
                    <Metadata>
                        <Item Key="WantsEncryptedAssertions">false</Item>
                        <Item Key="PartnerEntity">https://my-adfs.southeastasia.cloudapp.azure.com/federationmetadata/2007-06/federationmetadata.xml</Item>
                        <Item Key="XmlSignatureAlgorithm">Sha256</Item>
                    </Metadata>
                    <CryptographicKeys>
                        <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlCert"/>
                        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlCert"/>
                    </CryptographicKeys>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" />
                        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/>
                        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/>
                        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>
                        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name"/>
                        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="ABC.com" />
                        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication"/>
                    </OutputClaims>
                    <OutputClaimsTransformations>
                        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>
                        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>
                        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
                        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>
                    </OutputClaimsTransformations>
                    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
                </TechnicalProfile>
            </TechnicalProfiles>
        </ClaimsProvider>
    </ClaimsProviders>

    <UserJourneys>

        <UserJourney Id="SignUpSignInADFS">
            <OrchestrationSteps>
                <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
                    <ClaimsProviderSelections>
                        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
                        <ClaimsProviderSelection TargetClaimsExchangeId="ABCExchange" />
                    </ClaimsProviderSelections>
                    <ClaimsExchanges>
                        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
                    </ClaimsExchanges>
                </OrchestrationStep>
                <OrchestrationStep Order="2" Type="ClaimsExchange">
                    <Preconditions>
                        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
                            <Value>objectId</Value>
                            <Action>SkipThisOrchestrationStep</Action>
                        </Precondition>
                    </Preconditions>
                    <ClaimsExchanges>
                        <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
                        <ClaimsExchange Id="ABCExchange" TechnicalProfileReferenceId="ABC-SAML2" />
                    </ClaimsExchanges>
                </OrchestrationStep>
                <OrchestrationStep Order="3" Type="ClaimsExchange">
                    <ClaimsExchanges>
                        <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
                    </ClaimsExchanges>
                </OrchestrationStep>
                <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
            </OrchestrationSteps>
            <ClientDefinition ReferenceId="DefaultWeb" />
        </UserJourney>
    </UserJourneys>

Вот что возвращается в токене SAML из ADFS:

<AttributeStatement>
            <Attribute Name="userPrincipalName">
                <AttributeValue>user1@test.dev.com</AttributeValue>
            </Attribute>
            <Attribute Name="family_name">
                <AttributeValue>Test</AttributeValue>
            </Attribute>
            <Attribute Name="given_name">
                <AttributeValue>User1</AttributeValue>
            </Attribute>
            <Attribute Name="email">
                <AttributeValue>user1@company.com</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
                <AttributeValue>User1 Test</AttributeValue>
            </Attribute>
            <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
                <AttributeValue>user1@company.com</AttributeValue>
            </Attribute>
        </AttributeStatement> 

Answer 1

Как и выше, убедитесь, что вы используете "SocialAndLocalAccounts".