I have a custom policy, and I am trying to use an output claim from a TechnicalProfile in a ValidationTechnicalProfile. The OutputClaim can have a set of values and it looks like:
<OutputClaim ClaimTypeReferenceId="PolicyId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:PolicyId}" />
In the ValidationTechnicalProfile I try to compare PolicyId but it is not set and . If I try to put a hard-coded value as Default Value, the ValidationTechnicalProfile is able to run the validation:
<ValidationTechnicalProfile ReferenceId="SetActivity_BasedOnPolicyId_Yes" ContinueOnError="true">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>policyId</Value>
      <Value>B2C_1A_SignIn</Value>
      <Action>SkipThisValidationTechnicalProfile</Action>
    </Precondition>
  </Preconditions>
</ValidationTechnicalProfile>
....
<ValidationTechnicalProfile ReferenceId="SetActivity_BasedOnPolicyId_Yes" ContinueOnError="true">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>policyId</Value>
      <Value>B2C_1A_SignIn</Value>
      <Action>SkipThisValidationTechnicalProfile</Action>
    </Precondition>
  </Preconditions>
</ValidationTechnicalProfile>
What am I doing wrong here? I simply want to run validation against the policy that's used (we have a few).
Thanks
Did you set:
The IncludeClaimResolvingInClaimsHandling metadata must be set to true.
The input or output claims attribute AlwaysUseDefaultValue must be set to true.
I feel like claim resolving sometimes happens in a weird order. Try making PolicyId an input claim and do the claim resolving there, rather than in the output claims (do still leave the output claim though)
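The suggestions in this answer put together in one profile, as an added example that is not code from the original thread. It assumes the validation runs from a self-asserted technical profile; the Id `SelfAsserted-Example` and the DisplayName are hypothetical, and the claim uses the `policyId` spelling from the question's preconditions.

```xml
<!-- Added example. "SelfAsserted-Example" is a hypothetical profile Id;
     the policyId claim type is assumed to be declared in the ClaimsSchema. -->
<TechnicalProfile Id="SelfAsserted-Example">
  <DisplayName>Example self-asserted page</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <!-- Required for {Policy:PolicyId} to be resolved in the claims below -->
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <InputClaims>
    <!-- Resolve the policy name on input, as the answer suggests -->
    <InputClaim ClaimTypeReferenceId="policyId" DefaultValue="{Policy:PolicyId}" AlwaysUseDefaultValue="true" />
  </InputClaims>
  <OutputClaims>
    <!-- The output claim is kept, as the answer also suggests -->
    <OutputClaim ClaimTypeReferenceId="policyId" DefaultValue="{Policy:PolicyId}" AlwaysUseDefaultValue="true" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="SetActivity_BasedOnPolicyId_Yes" ContinueOnError="true">
      <Preconditions>
        <!-- Skip this validation unless policyId equals B2C_1A_SignIn -->
        <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
          <Value>policyId</Value>
          <Value>B2C_1A_SignIn</Value>
          <Action>SkipThisValidationTechnicalProfile</Action>
        </Precondition>
      </Preconditions>
    </ValidationTechnicalProfile>
  </ValidationTechnicalProfiles>
</TechnicalProfile>
```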
Is there a way, in the preconditions step of an orchestration step, to check if a claim is set to an empty string?
I've tried the below and it doesn't work; it never executes the SkipThisOrchestrationStep:
<Preconditions>
  <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
    <Value>readOnlyPhone</Value>
    <Value></Value>
    <Action>SkipThisOrchestrationStep</Action>
  </Precondition>
</Preconditions>
I have also attempted to use ClaimExists and that does not work either:
<Preconditions>
  <Precondition Type="ClaimsExists" ExecuteActionsIf="false">
    <Value>readOnlyPhone</Value>
    <Action>SkipThisOrchestrationStep</Action>
  </Precondition>
</Preconditions>
Background: the claim is being set by a RestfulProvider technical profile, and the API will return "phoneNumber": "" in the payload.
Use a compare claims transform to return a Boolean
https://learn.microsoft.com/en-us/azure/active-directory-b2c/string-transformations#compareclaimtovalue
Then use a claimsEqual precondition against this Boolean.
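What this answer describes, written out as an added example that is not code from the original thread. The names `isReadOnlyPhoneEmpty` and `CheckReadOnlyPhoneEmpty` are hypothetical, and it assumes that the policy engine accepts an empty `compareTo` value and that `readOnlyPhone` is present with an empty value, as the question describes.

```xml
<!-- Added example; isReadOnlyPhoneEmpty and CheckReadOnlyPhoneEmpty are hypothetical names. -->

<!-- ClaimsSchema: boolean claim that receives the comparison result -->
<ClaimType Id="isReadOnlyPhoneEmpty">
  <DisplayName>readOnlyPhone is empty</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<!-- ClaimsTransformations: compare readOnlyPhone with a fixed value -->
<ClaimsTransformation Id="CheckReadOnlyPhoneEmpty" TransformationMethod="CompareClaimToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="readOnlyPhone" TransformationClaimType="inputClaim1" />
  </InputClaims>
  <InputParameters>
    <!-- Assumption: an empty compareTo value is accepted by the policy engine -->
    <InputParameter Id="compareTo" DataType="string" Value="" />
    <InputParameter Id="operator" DataType="string" Value="equal" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isReadOnlyPhoneEmpty" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- In the REST technical profile that sets readOnlyPhone:
     run the transformation on its output so the boolean exists before the step -->
<OutputClaimsTransformations>
  <OutputClaimsTransformation ReferenceId="CheckReadOnlyPhoneEmpty" />
</OutputClaimsTransformations>

<!-- In the orchestration step: skip when the boolean is True -->
<Preconditions>
  <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
    <Value>isReadOnlyPhoneEmpty</Value>
    <Value>True</Value>
    <Action>SkipThisOrchestrationStep</Action>
  </Precondition>
</Preconditions>
```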
I have a site I'm reverse proxying using IIS UrlRewrite. So far I've had a fairly easy time of it thanks to Paul Cociuba's three articles on Microsoft Tech Community.
My current challenge is with a group of urls in a <picture><source srcset which are, heavily abbreviated,
<source srcset="/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-5.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 1400w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-6.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 2000w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-7.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 2800w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-1.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 350w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-2.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 460w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-3.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 700w,
/a/b/c/d/e/en/g/h/thumb%20classes%202020_SX_MX.component.crop-3x2-4.ts=1592419103694.jpg/a/c/d/oceania/au/en/g/jcr:a/root/z_1_col/z_4_col/image_1558468008 920w"
media="(max-width: 768px)"
sizes="(max-width: 768px) 100vw">
How do I convert all of the paths that begin with /a/b/c to https://othersite/a/b/c? At worst I could perhaps write a regular expression that captures a fixed number of paths (say 7) and then rewrites them with {R:1} through {R:7} but I'm not sure at this point whether the number of items in each srcset is fixed.
Also, do I need to create a custom tag so as to match the <source srcset=?
This worked and I'm rather surprised. I'm still not getting the response I'm expecting from the page (some of the images still aren't drawing), but at least the HTML appears to be correct.
First up, I've declared a custom tag
<customTags>
  <tags name="sourceSrcset">
    <tag name="source" attribute="srcset" />
  </tags>
</customTags>
Then I've written an outbound rule to use it
<rule name="source srcset" preCondition="ResponseIsTextHtml">
  <match filterByTags="CustomTags" customTags="sourceSrcset" pattern=",?\/(a\/b\/\S+\s\d+w)" />
  <action type="Rewrite" value="https://othersite/{R:1}" />
</rule>
In case you're wondering, ResponseIsTextHtml has a brother called ResponseIsTextAnything and these are declared as
<preCondition name="ResponseIsTextHtml">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="ResponseIsTextAnything">
  <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/(.+)" />
</preCondition>
I am trying to collect the date of birth for a user if he specifies that he is Under18....
I have defined 2 claims as follows
<ClaimType Id="extension_DateofBirth">
  <DisplayName>Date of Birth</DisplayName>
  <DataType>dateTime</DataType>
  <UserInputType>DateTimeDropdown</UserInputType>
</ClaimType>
<!--Adding Custom Attribute for AgeGroup -->
<ClaimType Id="extension_AgeGroup">
  <DisplayName>Your Age Group</DisplayName>
  <DataType>string</DataType>
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Under 18" Value="Under18" />
    <Enumeration Text="Adult" Value="Adult" />
  </Restriction>
</ClaimType>
Now in my
I have added the following code in
<ValidationTechnicalProfiles>
  <ValidationTechnicalProfile ReferenceId="Get-DOB" ContinueOnError="false">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>extension_AgeGroup</Value>
        <Value>Under18</Value>
        <Action>SkipThisValidationTechnicalProfile</Action>
      </Precondition>
    </Preconditions>
  </ValidationTechnicalProfile>
</ValidationTechnicalProfiles>
and another technical profile, referenced as "Get-DOB", which is as follows:
<!--Adding write of DOB based on validation Profile-->
<TechnicalProfile Id="Get-DOB">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="extension_DateofBirth" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="extension_DateofBirth" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
I have 2 issues:
If I select Under18, the DOB should appear on the screen, which it does not.
After I select Under18 and press continue, the explorer gets stuck on "we are processing your information" forever.
Hi, I got this working by getting the preconditions done in the User Journey and not using validation technical profiles.
I am trying to introduce a new orchestration step based on the value of my custom attribute. My requirement is that I want to execute an orchestration step only if the value of myattribute (a boolean attribute) is set to true. The value of myattribute is either set to true or false.
I am doing something like this.
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
  <Value>False</Value>
  <Value>extension_myattribute</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>
But this step is not skipped irrespective of the value of myattribute. I have added myattribute as part of the OutputClaims of AAD-UserReadUsingObjectId. I am able to see the value of extension_myattribute in the C#.
Any pointers to examples where value is compared will help me a lot.
For a ClaimEquals precondition, the first <Value /> must be set to the claim type and the second <Value /> must be set to the claim value:
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
  <Value>extension_myattribute</Value>
  <Value>False</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>
For a boolean claim, the possible values are "True" and "False".
What you are trying to do should work; at least there are very similar examples in the starter pack.
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/f376b431dc0c7353faf52632d3d3f735ad5978a1/scenarios/source/aadb2c-ief-terms-of-use/SignUpOrSigninToUDateTime.xml
<!-- Check if the user has selected to sign in using one of the social providers -->
<OrchestrationStep Order="2" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>authenticationSource</Value>
      <Value>socialIdpAuthentication</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH" />
    <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="SelfAsserted-Input-ToU-LocalAccountSignUp" />
  </ClaimsExchanges>
</OrchestrationStep>
The xsd also explicitly mentions "true" and "false"
<xs:attribute use="required" name="ExecuteActionsIf" type="xs:boolean" >
  <xs:annotation>
    <xs:documentation>
      Specifies if the actions in this precondition should be performed if the test is true or false.
    </xs:documentation>
  </xs:annotation>
</xs:attribute>
Maybe your claim is not actually set yet? Or are you mixing attributes and claims?
I am trying to structure my base & ext policies so that base remains pretty static. To do this I am overriding claims, etc in the ext policy - which works well. However, when trying to override a Validation Technical profile, it appears that the new items are being added at the beginning of the collection and not the end as I would have expected.
So if I have this:
base.xml
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-NoVerify">
  <DisplayName>Email signup</DisplayName>
  … <!-- stuff removed for brevity -->
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
and this
ext.xml
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-NoVerify">
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="API-UpdateUser" />
    <ValidationTechnicalProfile ReferenceId="API-GetUser" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
They execute in the order of
API-UpdateUser
API-GetUser
AAD-UserWriteUsingLogonEmail
Is there any way to control this order, as I need the user to be created before the API stuff executes? i.e. Execute in order 3, 1, 2
From what I have learned, if the override adds an element with the same element name and ID, it replaces that element from the base policy.
So, if the extension policy contains:
````
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail-NoVerify">
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="API-UpdateUser" />
    <ValidationTechnicalProfile ReferenceId="API-GetUser" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
````
then "AAD-UserWriteUsingLogonEmail" won't be invoked 2 times, it will be invoked once, as third validation profile, because the referenceId="AAD-UserWriteUsingLogonEmail" overrides the declaration of that element in the base policy file.
The documentation is not very clear about this, and the closest doc I have found is in https://github.com/Azure-Samples/active-directory-b2c-advanced-policies/blob/master/Documentation/Features%20part%206.md, where it says:
Same element in the child policy and parent policy implies, child
policy is overriding that element of the parent policy
That documentation doesn't make clear what "same element" means, it seems to me to be the same XPath and same ID (with the ID being whatever attribute is the unique id of the element).
You need to overwrite all of them in the correct order in the extension policy. For example, if your base policy has the following validation technical profile: AAD-UserWriteUsingLogonEmail
In the extension policy, you add AAD-UserWriteUsingLogonEmail again, in the correct order:
API-UpdateUser
API-GetUser
AAD-UserWriteUsingLogonEmail