I am using ADB2C's custom policies to create the screens.
What are the variable names and data types for user IDs and passwords in login and MFA?
Also, what are the variable names and data types for the phone number and confirmation code in MFA?
I don't know because it is not the source I described.
• According to the official Microsoft documentation, the username in an Azure AD B2C custom policy is denoted by the attribute ‘signInNames.userName’ and its datatype is ‘String’. Similarly, for the password, the attribute is ‘password’ and its datatype is ‘String’. For the phone number, the attribute is ‘mobile’ or ‘mobilePhone’ and the datatype is ‘String’, but if you want to use that phone number for MFA in Azure AD B2C, the attribute for it is ‘strongAuthenticationAlternativePhoneNumber’ and its datatype is ‘String’. As for the confirmation code, there is no such attribute defined by default in Azure AD B2C like the others specified earlier, but you can surely define a custom attribute for it by specifying the ‘DisplayName’, ‘DataType’ and ‘UserInputType’ of the custom attribute as below:
<!--
<BuildingBlocks>
  <ClaimsSchema> -->
    <ClaimType Id="city">
      <DisplayName>City where you work</DisplayName>
      <DataType>string</DataType>
      <UserInputType>DropdownSingleSelect</UserInputType>
      <Restriction>
        <Enumeration Text="Berlin" Value="berlin" />
        <Enumeration Text="London" Value="london" />
        <Enumeration Text="Seattle" Value="seattle" />
      </Restriction>
    </ClaimType>
<!--
  </ClaimsSchema>
</BuildingBlocks>-->
For more information regarding the above, please refer to the documentation links below:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy#define-a-claim
https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-profile-attributes
Related
I am using Azure B2C custom policy for passwordless signin following this sample.
The <BuildingBlocks> section has the <ClaimsTransformations>.....</ClaimsTransformations> which defines random password generation. To customize the UI for my login screens I have also added <ContentDefinitions> .... </ContentDefinitions> inside <BuildingBlocks> section.
Now I am getting a validation error when trying to upload the TrustFrameworkExtensions_passwordless_only.xml file, saying that the element <BuildingBlocks> has invalid child element <ClaimsTransformations>. List of possible elements expected: Localisation, DisplayControls.
This is strange because in the reference schema ClaimsTransformations is also a valid element. No idea why I am getting this error. Can anyone please help me with this issue?
According to official AD B2C custom policy documentation on BuildingBlocks:
The BuildingBlocks element contains the following elements that must be specified in the order defined:
<BuildingBlocks>
  <ClaimsSchema>
    ...
  </ClaimsSchema>
  <Predicates>
    ...
  </Predicates>
  <PredicateValidations>
    ...
  </PredicateValidations>
  <ClaimsTransformations>
    ...
  </ClaimsTransformations>
  <ContentDefinitions>
    ...
  </ContentDefinitions>
  <Localization>
    ...
  </Localization>
  <DisplayControls>
    ...
  </DisplayControls>
</BuildingBlocks>
So the order matters, and you need to place the ContentDefinitions block after the ClaimsTransformations block.
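Because the upload error only names the element it choked on, a small pre-upload check that verifies the child order of every <BuildingBlocks> element saves a round trip to the portal. The script below is an added example, not code from the thread or from Microsoft; the required order is the one quoted from the documentation above, and the two policy fragments at the bottom are constructed for the demonstration (a real TrustFrameworkExtensions file has many more elements).

```python
"""Lint the child order of <BuildingBlocks> in an Azure AD B2C custom policy file.

Added example, not code from the original thread. The required order is the one the
documentation excerpt above lists; the two policy fragments at the bottom are constructed
for the demonstration.
"""
import xml.etree.ElementTree as ET

# Namespace that TrustFramework policy files declare as their default namespace.
NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"

# Children of <BuildingBlocks> in the order the schema requires.
BUILDING_BLOCKS_ORDER = [
    "ClaimsSchema",
    "Predicates",
    "PredicateValidations",
    "ClaimsTransformations",
    "ContentDefinitions",
    "Localization",
    "DisplayControls",
]
RANK = {name: i for i, name in enumerate(BUILDING_BLOCKS_ORDER)}


def local_name(tag: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]


def check_building_blocks_order(policy_xml: str) -> list[str]:
    """Return a list of problems found; an empty list means every <BuildingBlocks> is in order."""
    root = ET.fromstring(policy_xml)
    problems = []
    for block in root.iter(f"{{{NS}}}BuildingBlocks"):
        seen = []  # child names already accepted, in document order
        for child in block:
            name = local_name(child.tag)
            if name not in RANK:
                problems.append(f"<{name}> is not a valid child of <BuildingBlocks>")
            elif name in seen:
                problems.append(f"<{name}> appears more than once in <BuildingBlocks>")
            elif seen and RANK[name] < RANK[seen[-1]]:
                problems.append(f"<{name}> must come before <{seen[-1]}> in <BuildingBlocks>")
            else:
                seen.append(name)
    return problems


def check_policy_file(path: str) -> list[str]:
    """Convenience wrapper for a policy file on disk."""
    with open(path, encoding="utf-8") as handle:
        return check_building_blocks_order(handle.read())


# Constructed fragment with the mistake from the question: ContentDefinitions placed
# ahead of ClaimsTransformations.
WRONG_ORDER = f"""<TrustFrameworkPolicy xmlns="{NS}" PolicyId="B2C_1A_Example">
  <BuildingBlocks>
    <ClaimsSchema />
    <ContentDefinitions />
    <ClaimsTransformations />
  </BuildingBlocks>
</TrustFrameworkPolicy>"""

# Constructed fragment with the blocks in the documented order.
RIGHT_ORDER = f"""<TrustFrameworkPolicy xmlns="{NS}" PolicyId="B2C_1A_Example">
  <BuildingBlocks>
    <ClaimsSchema />
    <ClaimsTransformations />
    <ContentDefinitions />
  </BuildingBlocks>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    for label, doc in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, check_building_blocks_order(doc) or "ok")
```

Run it as `python check_order.py`, or call `check_policy_file("TrustFrameworkExtensions.xml")` from a pre-commit hook; the messages name the pair of elements that need swapping instead of just the element the service rejected.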
I have an Azure B2C custom flow. Everything works fine except that when the user clicks the login button, a hint shows up attached to the username that says “please match the requested format”. Why is this showing up? I don’t see anywhere in the base/extensions/signup_signin files that has this restriction or message.
For this issue, the problem was related to the claim type. In my TrustFrameworkExtensions file, I needed to define a claim type to override the default behavior. The required change was to add a Restriction setting and HelpText. Something like this:
<ClaimType Id="signInName">
  <DisplayName>Username</DisplayName>
  <DataType>string</DataType>
  <UserHelpText />
  <UserInputType>TextBox</UserInputType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9]*$" HelpText="Invalid username bro" />
  </Restriction>
</ClaimType>
I am trying to implement a multi-checkbox with dynamic values in the Azure AD B2C custom policy claims schema.
Url : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-configure-signup-self-asserted-custom
Example:
<ClaimType Id="city">
  <DisplayName>Receive updates from which cities?</DisplayName>
  <DataType>string</DataType>
  <UserInputType>CheckboxMultiSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
    <Enumeration Text="Redmond" Value="redmond" SelectByDefault="false" />
    <Enumeration Text="Kirkland" Value="kirkland" SelectByDefault="false" />
  </Restriction>
</ClaimType>
How do I bind Restriction Enumerations to dynamic values rather than static values in the policy XML? I am trying to bind the return value of a REST API call from the user journey to the multi-checkbox.
Answer
Use JavaScript to generate the multi-checkbox.
Use a REST API call to get the value (output claim) that needs to be bound to the multi-checkbox.
Pass the output claim value to the custom HTML page (self-asserted page).
Use JavaScript to bind the output claim to the multi-checkbox.
IEF does not support dynamic values for collections as of now. This is an interesting scenario though.
One alternate could be to redirect to an OpenID Connect compliant provider and show such a screen there, and return appropriate claims.
Azure AD B2C Custom Policy is failing validation and there is no reference to what is causing the validation error.
I already had custom policies defined for my application to start with, and everything worked fine prior to my adding a simple companyName string to the signup process. I followed the steps detailed in this guide to add a field to collect at signup. I ran into issues uploading the signup_signin custom policy after successfully uploading the TrustFrameworkBase policy. It was telling me that
Validation failed: 1 validation error(s) found in policy "B2C_1A_SIGNUP_SIGNIN" of tenant "xxxxx".Output Claim 'companyName' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadUsingObjectId' of policy 'B2C_1A_signup_signin'. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping.
So I did as suggested and added the AlwaysUseDefaultValue="true" and DefaultValue="" attributes to the OutputClaim in the 'AAD-UserReadUsingObjectId' technical profile. This allowed me to upload the policy file successfully.
However, when I test the signup_signin policy, I get a message stating
Unable to validate the information provided.
I have Application Insights set up for this tenant as well and see the equally vague error message
Error returned was 400/Request_BadRequest: One or more property values specified are invalid.
I added the claim type to the claims schema in FrameworkBase
<ClaimType Id="companyName">
  <DisplayName>Company</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>Your company</UserHelpText>
  <UserInputType>TextBox</UserInputType>
</ClaimType>
I added the PersistedClaim to TechnicalProfile 'AAD-UserWriteUsingLogonEmail'
<PersistedClaim ClaimTypeReferenceId="companyName" />
I added the OutputClaim to TechnicalProfiles 'AAD-UserReadUsingEmailAddress'
<OutputClaim ClaimTypeReferenceId="companyName" />
and 'AAD-UserReadUsingObjectId'
<OutputClaim ClaimTypeReferenceId="companyName" AlwaysUseDefaultValue="true" DefaultValue="" />
I added the OutputClaim to signup_signin.xml as well
<OutputClaim ClaimTypeReferenceId="companyName" />
I expect that the user is successfully signed up, but I get the validation error above instead.
That example uses "city".
"Your Azure AD B2C directory comes with a built-in set of attributes. Examples are Given Name, Surname, City, Postal Code, and userPrincipalName."
So "city" is in the schema.
I assume from the error that "companyName" isn't.
To add that, you use a custom attribute.
So it would be "extension_companyName".
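The upload-time error above is the only hint the service gives that a claim is not a directory attribute, and adding AlwaysUseDefaultValue="true" merely silences it until runtime. The following script is an added example, not code from the thread or from Microsoft, that finds this class of mistake before upload: for every technical profile backed by the Azure AD provider it reports claims whose directory attribute is neither a known built-in attribute nor prefixed with extension_. BUILTIN_ATTRIBUTES is a deliberately partial, hand-written list (an assumption to be extended from the user-profile-attributes documentation linked earlier), treating profiles that include AAD-Common as directory-backed follows the starter-pack convention, and the policy fragment at the bottom is constructed.

```python
"""Flag claims that an Azure AD technical profile reads or writes but that are neither
a built-in directory attribute nor a custom attribute (extension_ prefix).

Added example, not from the original thread. BUILTIN_ATTRIBUTES is a partial, constructed
list (assumption); the sample policy fragment is constructed.
"""
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"


def q(tag: str) -> str:
    """Qualify a tag name with the policy namespace."""
    return f"{{{NS}}}{tag}"


# Partial, constructed list of built-in attribute names as they appear in policy files.
BUILTIN_ATTRIBUTES = {
    "objectId", "displayName", "givenName", "surname", "city", "country", "postalCode",
    "state", "streetAddress", "jobTitle", "userPrincipalName", "otherMails",
    "signInNames.emailAddress", "signInNames.userName", "password", "newPassword",
    "passwordPolicies", "accountEnabled", "userType",
    "strongAuthenticationEmailAddress", "strongAuthenticationPhoneNumber",
}
AAD_BASE_PROFILES = {"AAD-Common"}  # starter-pack base profile for the AAD provider
CLAIM_TAGS = ("InputClaim", "PersistedClaim", "OutputClaim")


def is_directory_profile(profile) -> bool:
    """True when the profile uses the Azure AD provider directly or via AAD-Common."""
    protocol = profile.find(q("Protocol"))
    if protocol is not None and "AzureActiveDirectoryProvider" in protocol.get("Handler", ""):
        return True
    return any(
        inc.get("ReferenceId") in AAD_BASE_PROFILES
        for inc in profile.iter(q("IncludeTechnicalProfile"))
    )


def directory_attribute(claim) -> str:
    """The directory attribute is PartnerClaimType when given, else the claim id itself."""
    return claim.get("PartnerClaimType") or claim.get("ClaimTypeReferenceId", "")


def find_unsupported_claims(policy_xml: str) -> list[str]:
    """Return one message per claim that the Azure AD provider would reject."""
    root = ET.fromstring(policy_xml)
    problems = []
    for profile in root.iter(q("TechnicalProfile")):
        if not is_directory_profile(profile):
            continue
        for tag in CLAIM_TAGS:
            for claim in profile.iter(q(tag)):
                attr = directory_attribute(claim)
                if attr in BUILTIN_ATTRIBUTES or attr.startswith("extension_"):
                    continue
                problems.append(
                    f"{profile.get('Id')}: {tag} '{attr}' is not a built-in attribute; "
                    f"a custom attribute is referenced as 'extension_{attr}'"
                )
    return problems


# Constructed fragment: one directory-backed profile persisting companyName both with and
# without the extension_ prefix, plus a self-asserted profile that is not directory-backed.
SAMPLE_POLICY = f"""<TrustFrameworkPolicy xmlns="{NS}">
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Azure Active Directory</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
          <PersistedClaims>
            <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
            <PersistedClaim ClaimTypeReferenceId="companyName" />
            <PersistedClaim ClaimTypeReferenceId="extension_companyName" />
          </PersistedClaims>
          <IncludeTechnicalProfile ReferenceId="AAD-Common" />
        </TechnicalProfile>
        <TechnicalProfile Id="SelfAsserted-Company">
          <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="companyName" />
          </OutputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    for line in find_unsupported_claims(SAMPLE_POLICY):
        print(line)
```

The self-asserted profile is left alone on purpose: collecting companyName on the page is fine, the mistake is carrying that name unchanged into the directory profiles, which is exactly where the script points.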
I am using an AD B2C custom policy for the sign-in/sign-up process. I am getting a custom attribute named "Workspace" from the user while signing up. Is it possible to add this custom attribute as a drop-down on the sign-in custom UI page so that the user can select their workspace while signing in?
As specified in the documentation here, you should define the "workspace" claim type in your policy file (the TrustFrameworkBase.xml might be a good place to put it), e.g. using a dropdown. The Restriction node of your XML should be used to specify all possible values for your dropdown.
Here is an example:
<ClaimType Id="city">
  <DisplayName>city where you work</DisplayName>
  <DataType>string</DataType>
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
    <Enumeration Text="Redmond" Value="redmond" SelectByDefault="false" />
    <Enumeration Text="Kirkland" Value="kirkland" SelectByDefault="false" />
  </Restriction>
</ClaimType>
Then you should add the claim to the sign-up/sign-in user journey. The official documentation explains how to accomplish those steps in a very detailed way here.
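The <Restriction> element is what turns these ClaimType definitions into input validation: a <Pattern> must match the submitted value (the username answer earlier in the thread), and an <Enumeration> list confines a DropdownSingleSelect to one listed value and a CheckboxMultiSelect to listed values (the city examples above). The script below is an added example, not code from the thread or from Microsoft, that applies a ClaimType's restriction to a submitted value so the effect of a pattern or enumeration can be checked offline before the policy is uploaded. parse_claim_type() and validate_claim() are hypothetical helpers; the two ClaimType definitions are the ones posted in the answers above, the submitted values are constructed, and a multi-select submission is modelled as a Python list (an assumption about how the selection is handed in).

```python
"""Apply a <ClaimType>'s <Restriction> to a submitted value: a <Pattern> must match, and an
<Enumeration> list limits a single-select to one listed value and a multi-select to
listed values.

Added example, not code from the original thread. parse_claim_type() and validate_claim()
are hypothetical helpers; the ClaimType snippets are from the answers above and the
submitted values are constructed.
"""
import re
import xml.etree.ElementTree as ET

MULTI_SELECT_TYPES = {"CheckboxMultiSelect"}


def local_name(tag: str) -> str:
    """Drop any '{namespace}' prefix so bare and namespaced snippets parse alike."""
    return tag.rsplit("}", 1)[-1]


def find(elem, name):
    """First element in the subtree with the given local name, or None."""
    return next((e for e in elem.iter() if local_name(e.tag) == name), None)


def parse_claim_type(xml_text: str) -> dict:
    """Pull id, input type, pattern and allowed values out of a <ClaimType> element."""
    root = ET.fromstring(xml_text)
    input_type = find(root, "UserInputType")
    pattern = find(root, "Pattern")
    enums = [e for e in root.iter() if local_name(e.tag) == "Enumeration"]
    return {
        "id": root.get("Id"),
        "input_type": input_type.text if input_type is not None else "TextBox",
        "pattern": (pattern.get("RegularExpression"), pattern.get("HelpText", ""))
        if pattern is not None else None,
        "allowed": {e.get("Value") for e in enums} if enums else None,
    }


def validate_claim(claim: dict, submitted) -> list[str]:
    """Return the help texts / errors a submission would trigger; [] means it is accepted."""
    values = list(submitted) if isinstance(submitted, (list, tuple, set)) else [submitted]
    errors = []
    if claim["input_type"] not in MULTI_SELECT_TYPES and len(values) != 1:
        errors.append(f"{claim['id']}: expected exactly one value, got {len(values)}")
    for value in values:
        # The whole value must match, as with an anchored HTML pattern attribute. Python's re
        # handles the common character-class patterns but not every .NET regex feature.
        if claim["pattern"] and re.fullmatch(claim["pattern"][0], value) is None:
            errors.append(claim["pattern"][1] or f"{claim['id']}: value does not match the pattern")
        if claim["allowed"] is not None and value not in claim["allowed"]:
            errors.append(f"{claim['id']}: '{value}' is not one of {sorted(claim['allowed'])}")
    return errors


# ClaimType definitions posted in the answers above.
USERNAME_CLAIM = parse_claim_type("""<ClaimType Id="signInName">
  <DisplayName>Username</DisplayName>
  <DataType>string</DataType>
  <UserHelpText />
  <UserInputType>TextBox</UserInputType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9]*$" HelpText="Invalid username bro" />
  </Restriction>
</ClaimType>""")

CITY_CLAIM = parse_claim_type("""<ClaimType Id="city">
  <DisplayName>Receive updates from which cities?</DisplayName>
  <DataType>string</DataType>
  <UserInputType>CheckboxMultiSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Bellevue" Value="bellevue" SelectByDefault="false" />
    <Enumeration Text="Redmond" Value="redmond" SelectByDefault="false" />
    <Enumeration Text="Kirkland" Value="kirkland" SelectByDefault="false" />
  </Restriction>
</ClaimType>""")

if __name__ == "__main__":
    # Constructed submissions: a clean username, one with a symbol, a valid multi-select,
    # a multi-select with an unlisted city, and two values sent to a single-select.
    print(validate_claim(USERNAME_CLAIM, "alice01"))
    print(validate_claim(USERNAME_CLAIM, "alice@example"))
    print(validate_claim(CITY_CLAIM, ["bellevue", "kirkland"]))
    print(validate_claim(CITY_CLAIM, ["bellevue", "paris"]))
    print(validate_claim({**CITY_CLAIM, "input_type": "DropdownSingleSelect"}, ["bellevue", "redmond"]))
```

Two things the run makes visible: the HelpText is what the user sees when the pattern fails, so it should be more descriptive than the example's; and `[a-zA-Z0-9]*` also accepts the empty string, so whether the field may be left blank is decided elsewhere, not by this pattern.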