Extract specific claims inside JSON - azure-ad-b2c

I have a call to REST API that returns:
{
"a": false,
"b": 1,
"student": {
"person": {
"name": "Complete name here"
...
}
}
}
In this way... I need to extract person.name from student into a claim in B2C, but at the moment I can only get student in the format below:
"student": "{\r\n \"studyShiftId\": 4,\r\n \"academicActive\": true,\r\n \"active\": true,\r\n \"person\": {\r\n \"documentCode\": \"041.407.671-03\",\r\n \"name\": \"LEONARDO SOARES DOS SANTOS\",\r\n },\r\n \"course\": [\r\n {\r\n \"name\": \"Direito - Bacharelado\",\r\n \"type\": \"Presencial\",\r\n \"enrollmentCode\": \"3699342283\",\r\n \"alucod\": \"3699342\",\r\n \"academicStateCode\": \"P\",\r\n \"academicStateName\": \"Período de Matrícula\",\r\n \"campus\": {\r\n \"name\": \"UNICEN PRIMAVERA - UNIDADE NOVA\",\r\n \"brand\": {\r\n \"name\": \"Unic\",\r\n \"urlImg\": \"https://stportaldoalunotst.blob.core.windows.net/unic.png\",\r\n \"color\": \"#005397\"\r\n }\r\n }\r\n }\r\n ]\r\n}"
<ClaimType Id="student">
<DataType>string</DataType>
</ClaimType>
I already tried using GetClaimFromJson (Microsoft Docs) and it raises a fatal exception.
Claim transformations:
<ClaimsTransformation Id="GetPersonalDataFromJson" TransformationMethod="GetClaimFromJson">
<InputClaims>
<InputClaim ClaimTypeReferenceId="student" TransformationClaimType="inputJson" />
</InputClaims>
<InputParameters>
<InputParameter Id="claimToExtract" DataType="string" Value="person" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_person" TransformationClaimType="extractedClaim" />
</OutputClaims>
</ClaimsTransformation>
<ClaimsTransformation Id="GetEmailFromPersonalData" TransformationMethod="GetClaimFromJson">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_person" TransformationClaimType="inputJson" />
</InputClaims>
<InputParameters>
<InputParameter Id="claimToExtract" DataType="string" Value="email" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email" TransformationClaimType="extractedClaim" />
</OutputClaims>
</ClaimsTransformation>
In short: extract a claim from child elements of JSON data, using a path such as student.person.name.
Appreciate any help.

Related

SendGrid API from Custom Policy sends email with no subject

I am using custom policy that calls SendGrid API to send mails for OTP. The API is successful in sending however the subject part does not reflect the value from the request.
This is my custom policy code that generates the JSON.
<ClaimsTransformation Id="GenerateEmailRequestBody-Local" TransformationMethod="GenerateJson">
<InputClaims>
<InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.to.0.email" />
<InputClaim ClaimTypeReferenceId="otp" TransformationClaimType="personalizations.0.dynamic_template_data.otp" />
<InputClaim ClaimTypeReferenceId="email" TransformationClaimType="personalizations.0.dynamic_template_data.email" />
<InputClaim ClaimTypeReferenceId="subject" TransformationClaimType="subject" />
</InputClaims>
<InputParameters>
<!-- Update the template_id value with the ID of your SendGrid template. -->
<InputParameter Id="template_id" DataType="string" Value="d-xxxxxxxxxxxxxxxxxxxxxxxxxx" />
<!-- Todo: update the sender -->
<InputParameter Id="from.email" DataType="string" Value="sender@gmail.com" />
<InputParameter Id="from.name" DataType="string" Value="Administrator" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="emailRequestBody" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
Below is request generated from the custom policy and sent to SendGrid.
{
"personalizations": [
{
"to": [
{
"email": "someone@gmail.com"
}
],
"dynamic_template_data": {
"email": "someone@gmail.com",
"otp": "086924"
}
}
],
"subject": "Verification code",
"template_id": "d-xxxxxxxxxxxxxxxxxxxxxxxx",
"from": {
"email": "someone@gmail.com",
"name": "Administrator"
}
}
Is there a part that I've missed? Please help.
A few things to try:
Update the TransformationClaimType for subject.
<InputClaim ClaimTypeReferenceId="subject" TransformationClaimType="personalizations.0.dynamic_template_data.subject" />
Verify that the subject claim has a valid value. Try setting a default value on the InputClaim.
Update the subject field in the SendGrid portal.
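As an added illustration (not code from the posts above or from Azure AD B2C), the Python below models two things discussed on this page: how GenerateJson-style dotted paths such as personalizations.0.to.0.email expand into a nested request body, and how a dotted path such as student.person.name is read back out of a REST response whose student member arrives as a JSON-encoded string. The interpretation of all-digit path segments as array indexes is an assumption modelled on the request body shown in the SendGrid question; the input values, template id and addresses are constructed placeholders.

```python
import json
from typing import Any

# Constructed sample inputs: the claim values a GenerateJson transformation
# would receive, keyed by TransformationClaimType / InputParameter Id.
# Addresses and template id are placeholders, not real values.
SENDGRID_INPUTS = {
    "personalizations.0.to.0.email": "someone@example.com",
    "personalizations.0.dynamic_template_data.otp": "086924",
    "personalizations.0.dynamic_template_data.email": "someone@example.com",
    "subject": "Verification code",
    "template_id": "d-PLACEHOLDER",
    "from.email": "sender@example.com",
    "from.name": "Administrator",
}

# Constructed sample response: the 'student' member is a JSON string, not an
# object, which is the shape described in the first question on this page.
REST_RESPONSE = {
    "a": False,
    "b": 1,
    "student": json.dumps({"academicActive": True, "person": {"name": "Complete name here"}}),
}


def set_path(root: dict, path: str, value: Any) -> None:
    """Write value into root at a dotted path (assumption: all-digit segments are list indexes)."""
    keys = path.split(".")
    node: Any = root
    for i, key in enumerate(keys):
        last = i == len(keys) - 1
        next_key = None if last else keys[i + 1]
        if isinstance(node, list):
            idx = int(key)
            while len(node) <= idx:          # grow the list so the index exists
                node.append(None)
            if last:
                node[idx] = value
            else:
                if node[idx] is None:        # create the container the next segment needs
                    node[idx] = [] if next_key.isdigit() else {}
                node = node[idx]
        else:
            if last:
                node[key] = value
            else:
                if key not in node:
                    node[key] = [] if next_key.isdigit() else {}
                node = node[key]


def build_body(inputs: dict) -> dict:
    """Expand a flat map of dotted paths into the nested JSON body."""
    body: dict = {}
    for path, value in inputs.items():
        set_path(body, path, value)
    return body


def get_path(obj: Any, path: str) -> Any:
    """Read a dotted path; a node that is itself a JSON-encoded string is parsed before descending."""
    node = obj
    for key in path.split("."):
        if isinstance(node, str):
            node = json.loads(node)          # second decode for double-encoded members
        if isinstance(node, list):
            node = node[int(key)]
        else:
            node = node[key]
    return node


if __name__ == "__main__":
    print(json.dumps(build_body(SENDGRID_INPUTS), indent=2))
    print(get_path(REST_RESPONSE, "student.person.name"))
```

Running the block prints a body with the same shape as the one in the question, which makes the point visible: a top-level subject path lands beside template_id, while a personalizations.0.dynamic_template_data.subject path lands inside the template data. The reader shows that a claim holding a JSON string must be decoded a second time before person.name can be reached, which is why a single extraction step on the outer object does not return the nested value.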

How I retrieve a extensionProperty on B2C?

We are trying to work with B2E optional claims… we followed this doc and this to create the extension claim at B2E, then populate it with some value… and enable it in the token configuration/manifest. We also set up the XML with the PartnerClaimType, but we can't receive the claim from B2E. Do you have any tip or idea why we can't receive the claim?
Default claims work fine, but optional ones don't… we spent at least 2 days with tons of tests… =(
Extension Claim
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#applications('XXX9f805-40cb-41af-80ae-c63201919XXX')/extensionProperties",
"value": [
{
"id": "XXX707f9-8cdb-4cfa-996e-59da8512fXXX",
"deletedDateTime": null,
"appDisplayName": "",
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"dataType": "String",
"isSyncedFromOnPremises": false,
"targetObjects": ["User"]
}
]
}
Populated claim from a User
{ "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil": "tempinfo",
}
B2E App Manifest
"saml2Token": [
{
"name": "extension_XXXb714c01374c3e89a7c700bbd0eXXX_perfil",
"source": "user",
"essential": false,
"additionalProperties": []
}
]
OpenId ClaimProvider
Note: we also tried “extension_perfil” and “extn.perfil”
References:
https://learn.microsoft.com/en-us/graph/api/resources/extensionproperty?view=graph-rest-1.0
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
In technical profile OIDC-ViaVarejo change
<OutputClaim ClaimTypeReferenceId="extension_perfil" />
To
<OutputClaim ClaimTypeReferenceId="extension_perfil" PartnerClaimType="extn.perfil" />
Your claims definition should be as follows since AAD is returning an Array:
<ClaimType Id="extension_perfil">
<DisplayName>extension_perfil</DisplayName>
<DataType>stringCollection</DataType>
<UserHelpText>extension_perfil</UserHelpText>
</ClaimType>
If you want to display the value on the screen in a textbox, you need to convert the stringCollection to a string (it'll just get the first value):
<ClaimsTransformation Id="ExtractPerfil" TransformationMethod="GetSingleItemFromStringCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_perfil" TransformationClaimType="collection" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="perfil" TransformationClaimType="extractedItem" />
</OutputClaims>
</ClaimsTransformation>
Define the claim perfil
<ClaimType Id="perfil">
<DisplayName>perfil</DisplayName>
<DataType>string</DataType>
<UserHelpText>extension_perfil</UserHelpText>
<UserInputType>TextBox</UserInputType>
</ClaimType>
Then modify SelfAsserted-AADVV-PersonalData:
...
</CryptographicKeys>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="ExtractPerfil" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="Step" DefaultValue="SelfAsserted-AADVV-PersonalData" AlwaysUseDefaultValue="true" />
<InputClaim ClaimTypeReferenceId="displayName" />
<InputClaim ClaimTypeReferenceId="email" />
<InputClaim ClaimTypeReferenceId="perfil" />
<InputClaim ClaimTypeReferenceId="extension_DataNasc" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="Step" />
<OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
<OutputClaim ClaimTypeReferenceId="email" Required="true" />
<OutputClaim ClaimTypeReferenceId="perfil" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_DataNasc" Required="true" />
<OutputClaim ClaimTypeReferenceId="DDIBrasil" DefaultValue="+55" AlwaysUseDefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="extension_Celular" Required="true" />
</OutputClaims>
...

Localised message for RestAPI error response in B2C custom policy

I did localisation in my custom policy, but in certain steps I'm calling a REST API to validate some data. The response is coming in English, but now I need to translate those messages too as part of the localisation. Is there any way to do this in B2C?
Here is the response I'm getting from API:
{
"userMessage": "Password is incorrect",
"version":"1.0.0",
"status": 409,
"code": "API12345",
"requestId":"50f0bd91-2ff4-4b8f-828f-00f170519ddb",
"developerMessage":"Verbose description of problem and how to fix it.",
"moreInfo": "https://restapi/error/API12345/moreinfo"
}
You can send the localisation parameter to the REST API and have it return a localised error. Or you can return back an error code from the API instead of an error string. Then use the following example to have this done in policy:
<BuildingBlocks>
<ClaimsSchema>
<ClaimType Id="errorCode">
<DisplayName>errorCode</DisplayName>
<DataType>string</DataType>
<UserHelpText>A claim responsible for holding response codes to send to the relying party</UserHelpText>
</ClaimType>
<ClaimType Id="messageValue">
<DisplayName>Message</DisplayName>
<DataType>string</DataType>
<UserHelpText>A claim responsible for holding response messages to send to the relying party</UserHelpText>
<UserInputType>Paragraph</UserInputType>
<Restriction>
<Enumeration Text="errorCode1" Value="will get overridden by localization" />
<Enumeration Text="errorCode2" Value="will get overridden by localization" />
</Restriction>
</ClaimType>
</ClaimsSchema>
<ClaimsTransformations>
<ClaimsTransformation Id="SetMessageId" TransformationMethod="CreateStringClaim">
<InputParameters>
<InputParameter Id="value" DataType="string" Value="errorCode1" /> <!-- Toggle for errorCode2 -->
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="errorCode" TransformationClaimType="createdClaim" />
</OutputClaims>
</ClaimsTransformation>
<ClaimsTransformation Id="GetLocalizedMessage" TransformationMethod="GetMappedValueFromLocalizedCollection">
<InputClaims>
<InputClaim ClaimTypeReferenceId="errorCode" TransformationClaimType="mapFromClaim" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="messageValue" TransformationClaimType="restrictionValueClaim" />
</OutputClaims>
</ClaimsTransformation>
</ClaimsTransformations>
<ContentDefinitions>
<ContentDefinition Id="api.selfasserted">
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.selfasserted.en" />
<LocalizedResourcesReference Language="es" LocalizedResourcesReferenceId="api.selfasserted.es" />
</LocalizedResourcesReferences>
</ContentDefinition>
</ContentDefinitions>
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
<SupportedLanguage>es</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.selfasserted.en">
<LocalizedCollections>
<LocalizedCollection ElementType="ClaimType" ElementId="messageValue" TargetCollection="Restriction">
<Item Text="errorCode1" Value="First message in english" />
<Item Text="errorCode2" Value="Second message in english" />
</LocalizedCollection>
</LocalizedCollections>
</LocalizedResources>
<LocalizedResources Id="api.selfasserted.es">
<LocalizedCollections>
<LocalizedCollection ElementType="ClaimType" ElementId="messageValue" TargetCollection="Restriction">
<Item Text="errorCode1" Value="Primer mensaje en español" />
<Item Text="errorCode2" Value="Segundo mensaje en español" />
</LocalizedCollection>
</LocalizedCollections>
</LocalizedResources>
</Localization>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<DisplayName>Self Asserted</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="SelfAsserted-WelcomePage">
<DisplayName>User profile</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
</Metadata>
<InputClaimsTransformations>
<InputClaimsTransformation ReferenceId="SetMessageId" />
<InputClaimsTransformation ReferenceId="GetLocalizedMessage" />
</InputClaimsTransformations>
<InputClaims>
<InputClaim ClaimTypeReferenceId="messageValue" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="email"/>
<OutputClaim ClaimTypeReferenceId="messageValue"/>
</OutputClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
<UserJourney Id="Localization_Tester">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="SelfAsserted-WelcomePage" TechnicalProfileReferenceId="SelfAsserted-WelcomePage" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="AAD-UserReadUsingEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
</OrchestrationSteps>
</UserJourney>
</UserJourneys>

Claims from Azure B2C and ADFS as an Identity Provider

I'm using ADFS as an IdP for Azure B2C through OpenID Connect. Login works, but I do not receive any claims from ADFS.
Here is a part of the TrustFrameworkExtensions policy:
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="Name" />
<OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="contosoAuthentication" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="OpenIDADFS" />
</OutputClaims>
And here is an example of the JWT token I receive:
{
"exp": 1536674800,
"nbf": 1536671200,
"ver": "1.0",
"iss": "https://login.microsoftonline.com/2263fb1b-1249-4245-a174-cb9d518d7ce3/v2.0/",
"sub": "f5fa8b7b-5e14-4b49-8f9f-33ea5c8b2149",
"aud": "21d60a4b-6e33-4e22-b618-586882744560",
"acr": "b2c_1a_signuporsigninfmdclient",
"nonce": "defaultNonce",
"iat": 1536671200,
"auth_time": 1536671200,
"idp": "OpenIDADFS",
"name": "unknown"
}
No claims in here.
Here is my ADFS setup with claims from AD
The relying party policy SignUpOgSignIn
<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInFmdClient" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
<OutputClaim ClaimTypeReferenceId="identityProvider" />
</OutputClaims>
<SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>
</RelyingParty>
How to receive claims?
For anyone else dealing with the same issue or similar issues, the necessary piece was to add <OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="UPN" />
(per Jamie's comment)
For reference, the B2C custom policy Azure Sample is very helpful. https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAccounts/TrustFrameworkBase.xml

Is there any way to clone a policy from a tenant to another tenant in Azure ADB2C?

I'm trying to clone a custom policy from an ADB2C tenant to another one by uploading the XML file through the "Identity Experience Framework" interface,
but I get the following error:
Unable to upload policy. Reason : Validation failed: 1 validation error(s) found in policy "B2C_1A_B2C_1_SIGNUPIN" of tenant "tenant.onmicrosoft.com".Policy 'B2C_1A_B2C_1_SignUpIn' of tenant 'tenat.onmicrosoft.com' is not allowed to inherit from the specified base policy. Inheritance chain: {
"TenantId": "tenant.onmicrosoft.com",
"PolicyId": "base-v1",
"TenantObjectId": "xxxx...",
"Root": true,
"Derived": {
"TenantId": "tenant.onmicrosoft.com",
"PolicyId": "B2C_1A_B2C_1_SignUpIn",
"TenantObjectId": "yyyy...",
"Rule": "All",
"InheritanceAllowed": false,
"Reason": "Policy 'B2C_1A_B2C_1_SignUpIn' in tenant 'yyyyy...' is blocked from inheriting policies from 'xxxx...' as the basic policy constraint handler 'B2CBasicPoliciesOnly' cannot match the policy id to a prefix or registered policy id."
}
}
This is the policy content:
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com" TenantObjectId="xxx...."
PolicyId="B2C_1_SignUpIn" PublicPolicyUri="http://tenant.onmicrosoft.com/">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>base-v1</PolicyId>
</BasePolicy>
<BuildingBlocks>
<ClaimsSchema>
<ClaimType Id="displayName">
<DisplayName>Username</DisplayName>
<DataType>string</DataType>
<Restriction MergeBehavior="Append" />
</ClaimType>
<ClaimType Id="givenName">
<DisplayName>First Name</DisplayName>
<DataType>string</DataType>
<Restriction MergeBehavior="Append" />
</ClaimType>
<ClaimType Id="surname">
<DisplayName>Last name</DisplayName>
<DataType>string</DataType>
<Restriction MergeBehavior="Append" />
</ClaimType>
<ClaimType Id="extension_Service">
<DisplayName>Service Name</DisplayName>
<DataType>string</DataType>
<Restriction MergeBehavior="Append" />
</ClaimType>
</ClaimsSchema>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<DisplayName>PhoneFactor</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="PhoneFactor-Common">
<EnabledForUserJourneys>OnClaimsExistence</EnabledForUserJourneys>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
<ClaimsProvider>
<DisplayName>Token Issuer</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="JwtIssuer">
<Metadata>
<Item Key="token_lifetime_secs">3600</Item>
<Item Key="id_token_lifetime_secs">3600</Item>
<Item Key="refresh_token_lifetime_secs">1209600</Item>
<Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
<Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
<Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
</Metadata>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
<ClaimsProvider>
<DisplayName>Self Asserted</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="SelfAsserted-Input">
<InputClaims>
<InputClaim ClaimTypeReferenceId="displayName" />
<InputClaim ClaimTypeReferenceId="givenName" />
<InputClaim ClaimTypeReferenceId="surname" />
<InputClaim ClaimTypeReferenceId="extension_Organization" />
<InputClaim ClaimTypeReferenceId="extension_Department" />
<InputClaim ClaimTypeReferenceId="extension_Service" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" Required="true" />
<OutputClaim ClaimTypeReferenceId="givenName" Required="true" />
<OutputClaim ClaimTypeReferenceId="surname" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_Organization" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_Department" Required="true" />
<OutputClaim ClaimTypeReferenceId="extension_Service" Required="true" />
</OutputClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
<ClaimsProvider>
<DisplayName>Azure Active Directory</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="AAD-ReadCommon">
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="extension_Organization" />
<OutputClaim ClaimTypeReferenceId="extension_Department" />
<OutputClaim ClaimTypeReferenceId="extension_Service" />
</OutputClaims>
</TechnicalProfile>
<TechnicalProfile Id="AAD-WriteCommon">
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="displayName" />
<PersistedClaim ClaimTypeReferenceId="givenName" />
<PersistedClaim ClaimTypeReferenceId="surname" />
<PersistedClaim ClaimTypeReferenceId="extension_Organization" />
<PersistedClaim ClaimTypeReferenceId="extension_Department" />
<PersistedClaim ClaimTypeReferenceId="extension_Service" />
</PersistedClaims>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
<UserJourney Id="B2CSignUpOrSignInWithPassword">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signinandsignupwithpassword">
<ClaimsProviderSelections>
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
</OrchestrationStep>
</OrchestrationSteps>
</UserJourney>
</UserJourneys>
<RelyingParty>
<DefaultUserJourney ReferenceId="B2CSignUpOrSignInWithPassword" />
<UserJourneyBehaviors>
<SingleSignOn Scope="Tenant" />
<SessionExpiryType>Rolling</SessionExpiryType>
<SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
</UserJourneyBehaviors>
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="emails" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
<OutputClaim ClaimTypeReferenceId="newUser" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="identityProvider" />
<OutputClaim ClaimTypeReferenceId="extension_Organization" />
<OutputClaim ClaimTypeReferenceId="extension_Service" />
<OutputClaim ClaimTypeReferenceId="extension_Department" />
<OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />
</OutputClaims>
<SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
Downloading standard policies and then uploading them (whether with or without modification) is not supported.
Looks like that's what you tried, which makes your standard policy a custom policy. Custom policies cannot have base-v1 in the inheritance hierarchy. The base-v1 policies are strictly meant to be used by the standard policies.
The error indicates that your (now) custom policy is inheriting from base-v1.
