Azure B2C Datepicker (Calendar)

I'm creating a custom policy that must do the following:
1. If the user clicks to Sign up, show a screen with three input fields that are:
a. A key (string)
b. date of birth (I would like to display a calendar)
c. another key (string)
However, after reading all the documentation ("Add claims and customize user input using custom policies in Azure Active Directory B2C") and searching Google, I couldn't find a way to create a "Datepicker" input field in Azure B2C.
How can I accomplish that?
Thank you

<ClaimType Id="dateOfBirth">
<DisplayName>Date of Birth</DisplayName>
<DataType>date</DataType>
<AdminHelpText>The user's date of birth.</AdminHelpText>
<UserHelpText>Your date of birth.</UserHelpText>
<UserInputType>DateTimeDropdown</UserInputType>
<PredicateValidationReference Id="CustomDateRange" />
</ClaimType>
Use DateTimeDropdown.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/claimsschema

Complementing Jonny's answer, you can configure the custom date range validation like so:
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="dateOfBirth">
      <DisplayName>Date of Birth</DisplayName>
      <DataType>date</DataType>
      <AdminHelpText>The user's date of birth.</AdminHelpText>
      <UserHelpText>Your date of birth.</UserHelpText>
      <UserInputType>DateTimeDropdown</UserInputType>
      <PredicateValidationReference Id="CustomDateRange" />
    </ClaimType>
  </ClaimsSchema>
  <!-- Predicates and PredicateValidations are siblings of ClaimsSchema under BuildingBlocks,
       not children of it; nesting them inside ClaimsSchema fails schema validation. -->
  <Predicates>
    <Predicate Id="DateRange" Method="IsDateRange" HelpText="The date must be between 01-01-1980 and today.">
      <Parameters>
        <Parameter Id="Minimum">1980-01-01</Parameter>
        <Parameter Id="Maximum">Today</Parameter>
      </Parameters>
    </Predicate>
  </Predicates>
  <PredicateValidations>
    <PredicateValidation Id="CustomDateRange">
      <PredicateGroups>
        <PredicateGroup Id="DateRangeGroup">
          <PredicateReferences>
            <PredicateReference Id="DateRange" />
          </PredicateReferences>
        </PredicateGroup>
      </PredicateGroups>
    </PredicateValidation>
  </PredicateValidations>
</BuildingBlocks>
Helpful links:
BuildingBlocks
Predicates and PredicateValidations

Related

Validate restriction in Azure AD B2C custom policy

I have the following ClaimType in a custom policy to test out collecting user timezone during sign up:
<ClaimType Id="extension_timezone">
<DisplayName>Timezone</DisplayName>
<DataType>string</DataType>
<UserHelpText>Enter your timezone</UserHelpText>
<UserInputType>DropdownSingleSelect</UserInputType>
<Restriction>
<Enumeration Text="(UTC-08:00) Pacific Time (US &amp; Canada)" Value="(UTC-08:00) Pacific Time (US &amp; Canada)" SelectByDefault="false" />
<Enumeration Text="(UTC-06:00) Central Time (US &amp; Canada)" Value="(UTC-06:00) Central Time (US &amp; Canada)" SelectByDefault="false" />
<Enumeration Text="(UTC+00:00) Dublin, Edinburgh, Lisbon, London" Value="(UTC+00:00) Dublin, Edinburgh, Lisbon, London" SelectByDefault="true" />
<Enumeration Text="(UTC+12:00) Auckland, Wellington" Value="(UTC+12:00) Auckland, Wellington" SelectByDefault="false" />
</Restriction>
</ClaimType>
This displays correctly in the sign up flow but I have noticed that the input is not validated against the restriction. Steps:
Select item from drop-down
Use browser tools (e.g. Chrome DevTools) to change the value of the selected option
Submit the form
I would expect there to be validation to check that the submitted value matches one of the enumeration entries, but this does not happen. I can include extension_timezone in the output claims and see that the value reflects the changes I made that do not match any of the enumeration options.
You can add your own validation rules using jQuery which is loaded by both v1 and v2 policies.
Please refer to this document for guidelines and samples of using JavaScript.
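Worked example, added here and not part of the question or the answer above: the same Restriction enforced on the server with a validation technical profile, so a value edited in DevTools is rejected whatever the browser-side JavaScript does. The Ids ValidateTimezoneSelection and LookupTimezoneOrFail and the claim validatedTimezone are names chosen for this example; the metadata key LookupNotFound is the one named in the LookupValue documentation for the failure message. The fragment belongs in TrustFrameworkExtensions.xml next to the starter pack's LocalAccountSignUpWithLogonEmail profile.

```xml
<!-- Added example, not from the question or answer. Fragment of TrustFrameworkExtensions.xml.
     Assumed names: validatedTimezone, LookupTimezoneOrFail, ValidateTimezoneSelection. -->
<BuildingBlocks>
  <ClaimsSchema>
    <!-- Receives the looked-up value; exists only so the lookup has an output claim. -->
    <ClaimType Id="validatedTimezone">
      <DisplayName>Validated timezone</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
  </ClaimsSchema>
  <ClaimsTransformations>
    <!-- Each InputParameter Id is one permitted Enumeration Value, used as the lookup key.
         The posted extension_timezone is the key; with errorOnFailedLookup = true a value
         that matches none of the keys raises an error instead of passing through. -->
    <ClaimsTransformation Id="LookupTimezoneOrFail" TransformationMethod="LookupValue">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="extension_timezone" TransformationClaimType="inputParameterId" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="(UTC-08:00) Pacific Time (US &amp; Canada)" DataType="string" Value="(UTC-08:00) Pacific Time (US &amp; Canada)" />
        <InputParameter Id="(UTC-06:00) Central Time (US &amp; Canada)" DataType="string" Value="(UTC-06:00) Central Time (US &amp; Canada)" />
        <InputParameter Id="(UTC+00:00) Dublin, Edinburgh, Lisbon, London" DataType="string" Value="(UTC+00:00) Dublin, Edinburgh, Lisbon, London" />
        <InputParameter Id="(UTC+12:00) Auckland, Wellington" DataType="string" Value="(UTC+12:00) Auckland, Wellington" />
        <InputParameter Id="errorOnFailedLookup" DataType="boolean" Value="true" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="validatedTimezone" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Input validation</DisplayName>
    <TechnicalProfiles>
      <!-- Validation technical profile: runs the lookup when the sign-up form is posted. -->
      <TechnicalProfile Id="ValidateTimezoneSelection">
        <DisplayName>Validate timezone selection</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="extension_timezone" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="validatedTimezone" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="LookupTimezoneOrFail" />
        </OutputClaimsTransformations>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>

      <!-- Override of the starter pack sign-up profile: the lookup runs before the
           directory write, so an invalid value is rejected before anything is persisted. -->
      <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
        <Metadata>
          <!-- Error shown on the form when the lookup fails (key taken from the LookupValue docs). -->
          <Item Key="LookupNotFound">The selected timezone is not one of the permitted values.</Item>
        </Metadata>
        <OutputClaims>
          <!-- Already declared in the question's policy; repeated here only for completeness. -->
          <OutputClaim ClaimTypeReferenceId="extension_timezone" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <ValidationTechnicalProfile ReferenceId="ValidateTimezoneSelection" />
          <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
        </ValidationTechnicalProfiles>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

Validation technical profiles run in the order listed, so the lookup sits ahead of AAD-UserWriteUsingLogonEmail; if your extension file already adds validation profiles to this technical profile, inspect the merged order in the uploaded policy so the write cannot happen before the check passes. Repeat the DevTools tampering from the question after uploading: the form should now come back with the LookupNotFound message instead of a token carrying the edited value. Using short codes as Enumeration Values (keeping the long display string in Text) makes the lookup keys simpler than the strings shown here.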

Azure B2C Sign up age restriction using custom policies

I'm trying to configure a B2C tenant using policies instead of user flows. For that, I'm using the SocialAndLocalAccount template as a starting base.
In the sign up page, I added a custom claim to ask the user about his/her birth date. If the user provides a date that makes him/her underage (18+ required), I would like to display a verification failed message (like the one you can set by using predicates) and prevent the user from being able to sign up, with the create button being disabled.
So far, this is what I've got:
- I created two new claims: one to store a boolean value that would tell me whether the user is under age or not, and a second one to store the current time.
<ClaimType Id="systemDateTime">
<DisplayName>Today's date</DisplayName>
<DataType>dateTime</DataType>
</ClaimType>
<ClaimType Id="isNotUnderAge">
<DisplayName>Indicates whether user being under age or not</DisplayName>
<DataType>boolean</DataType>
<AdminHelpText>User must be over 18</AdminHelpText>
</ClaimType>
I added two ClaimsTransformations to get the current date and compare it to the selected one (date comparison):
<!-- Check user under age -->
<ClaimsTransformation Id="GetSystemDateTime" TransformationMethod="GetCurrentDateTime">
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="systemDateTime" TransformationClaimType="currentDateTime" />
</OutputClaims>
</ClaimsTransformation>
<ClaimsTransformation Id="CheckBirthDateIsNotUnderAge" TransformationMethod="DateTimeComparison">
<InputClaims>
<InputClaim ClaimTypeReferenceId="birthDate" TransformationClaimType="firstDateTime" />
<InputClaim ClaimTypeReferenceId="systemDateTime" TransformationClaimType="secondDateTime" />
</InputClaims>
<InputParameters>
<InputParameter Id="operator" DataType="string" Value="later than" />
<InputParameter Id="timeSpanInSeconds" DataType="int" Value="568025136" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="isNotUnderAge" TransformationClaimType="result" />
</OutputClaims>
</ClaimsTransformation>
Up to this point, I think I might be able to tell if the user is under age or not. From here on, I'm not sure how to continue in order to achieve my goal. I've been reading the documentation but haven't come to a solution, and I'm unsure that this would be the best approach.
Have you ever come across a similar restriction? If so, what is the best way to achieve this, and where can I find any tips that would help me resolve my issue?
Thank you very much!
EDIT 1:
I've found this question, which explains a similar problem if not the same one, and it made me ask myself: is it possible to achieve this by using ClaimsTransformations and Predicates, or is the REST API the only way to get the expected result?
It looks like you have the right idea, as long as you want to blanket ban all users under 18. One option is to use a validation technical profile to call the AssertBooleanClaimIsEqualToValue transformation, which will display a custom error message on the sign-in page if the user is under 18 and won't let them continue. See the Microsoft documentation, Boolean Claim Transformations, for an example.
If you really want the Continue button to grey out, you could display isNotUnderAge as a readonly claim and hide it with CSS, and then use JS to grey out the button based on its value.
The third option is to add an OrchestrationStep, before presenting the user with your sign-up options, with a precondition to skip it if the user is over 18. That step would display a new Self-Asserted Technical Profile that you can set up to show an error message (just a paragraph claim) and from which you remove the continue button. The downside here is that it requires you to collect the user's age before offering them sign-up options, which can complicate things.
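Worked example of the first option, added here and not part of the question or the answer: a validation technical profile that runs the two claims transformations from the question (GetSystemDateTime and CheckBirthDateIsNotUnderAge) and then asserts that isNotUnderAge is true, so the self-asserted sign-up page shows an error and refuses to continue. The Ids ValidateUserIsNotUnderAge and AssertIsNotUnderAge are names chosen for this example; the metadata key UserMessageIfClaimsTransformationBooleanValueIsNotEqual is the documented one for AssertBooleanClaimIsEqualToValue. The example assumes isNotUnderAge comes out true for users of age, as the claim name in the question intends.

```xml
<!-- Added example, not from the question or answer. Fragment of TrustFrameworkExtensions.xml.
     Assumed names: AssertIsNotUnderAge, ValidateUserIsNotUnderAge. Relies on the claims
     systemDateTime, isNotUnderAge, birthDate and the two transformations from the question. -->
<BuildingBlocks>
  <ClaimsTransformations>
    <!-- Raises an error when isNotUnderAge differs from valueToCompareTo; no output claim. -->
    <ClaimsTransformation Id="AssertIsNotUnderAge" TransformationMethod="AssertBooleanClaimIsEqualToValue">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="isNotUnderAge" TransformationClaimType="inputClaim" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
      </InputParameters>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Input validation</DisplayName>
    <TechnicalProfiles>
      <!-- Validation technical profile: computes the age check and asserts it on form post. -->
      <TechnicalProfile Id="ValidateUserIsNotUnderAge">
        <DisplayName>Validate that the user is at least 18</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="birthDate" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="isNotUnderAge" />
        </OutputClaims>
        <!-- Executed in order: current time, comparison (both from the question), then the assertion. -->
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="GetSystemDateTime" />
          <OutputClaimsTransformation ReferenceId="CheckBirthDateIsNotUnderAge" />
          <OutputClaimsTransformation ReferenceId="AssertIsNotUnderAge" />
        </OutputClaimsTransformations>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>

      <!-- Override of the starter pack sign-up profile: the age check runs before the directory write. -->
      <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
        <Metadata>
          <!-- Message the self-asserted page shows when the assertion fails. -->
          <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">You must be at least 18 years old to create an account.</Item>
        </Metadata>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="birthDate" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <ValidationTechnicalProfile ReferenceId="ValidateUserIsNotUnderAge" />
          <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
        </ValidationTechnicalProfiles>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

Before relying on it, run two test sign-ups with birth dates just inside and just outside the limit: whether the DateTimeComparison result is true for adults or for minors depends on how timeSpanInSeconds is applied, so if the assertion fires for the wrong group, flip valueToCompareTo to false rather than renaming claims. Because the check is server-side, it holds even when the date is tampered with in the browser.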

Unable to Get Paragraph InputType to Display Any Text In Azure B2C IEF

I am having some trouble using the Paragraph UserInputType available in Azure B2C IEF. I would like to use the Paragraph element because it would make localization a lot easier. However, no matter what I have tried, I am unable to get the Paragraph element to display any text.
I have tried to follow the documentation: https://learn.microsoft.com/en-us/azure/active-directory-b2c/claimsschema#paragraph and I have also contacted the B2C Team via GitHub, where it was recommended that I assign default values.
ClaimType
<ClaimType Id="UserExistsErrorMessage">
<DisplayName>Error Message</DisplayName>
<DataType>string</DataType>
<UserInputType>Paragraph</UserInputType>
</ClaimType>
In my technical profile I am assigning a default value
<OutputClaim ClaimTypeReferenceId="UserExistsErrorMessage" DefaultValue="Test" />
I am expecting the paragraph to display the text that I have assigned. Instead, all I am getting is an empty <p></p> HTML tag when reviewing the source during testing.
To set the value of a Paragraph UserInputType, set the default value using an input claim.
<InputClaims>
<InputClaim ClaimTypeReferenceId="UserExistsErrorMessage" DefaultValue="Test"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="UserExistsErrorMessage"/>
</OutputClaims>
I believe it's the Enumeration value that must be set to the display value:
<ClaimType Id="UserExistsErrorMessage">
<DisplayName>Error Message</DisplayName>
<DataType>string</DataType>
<UserInputType>Paragraph</UserInputType>
<Restriction>
<Enumeration Text="Test" Value="This is a test message." />
</Restriction>
</ClaimType>

Unable to upload policy, The element 'ClaimType' has invalid child element, expected: 'InputValidationReference, PredicateValidationReference'

When I try to upload the following claim it fails:
<ClaimType Id="my-claim">
<DisplayName>My Claim</DisplayName>
<DataType>string</DataType>
<UserHelpText>some text</UserHelpText>
<UserInputType>TextBox</UserInputType>
<Restriction>
<Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+#[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="..." />
</Restriction>
<DefaultPartnerClaimTypes>
<Protocol Name="OAuth2" PartnerClaimType="blah" />
<Protocol Name="OpenIdConnect" PartnerClaimType="blah" />
</DefaultPartnerClaimTypes>
</ClaimType>
With the following error:
Unable to upload policy. Reason : Validation failed: 1 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORK_BUILDINGBLOCKS" of tenant "mytenant.onmicrosoft.com".
Schema validation error found at line 172 col 10 in policy "B2C_1A_TRUSTFRAMEWORK_BUILDINGBLOCKS" of tenant "mytenant.onmicrosoft.com": The element 'ClaimType' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'DefaultPartnerClaimTypes' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.
List of possible elements expected: 'InputValidationReference, PredicateValidationReference' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.
If I move <DefaultPartnerClaimTypes> up a little, the policy uploads.
<ClaimType Id="my-claim">
<DisplayName>My Claim</DisplayName>
<DataType>string</DataType>
<DefaultPartnerClaimTypes>
<Protocol Name="OAuth2" PartnerClaimType="blah" />
<Protocol Name="OpenIdConnect" PartnerClaimType="blah" />
</DefaultPartnerClaimTypes>
<UserHelpText>some text</UserHelpText>
<UserInputType>TextBox</UserInputType>
<Restriction>
<Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+#[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="..." />
</Restriction>
</ClaimType>
That doesn't seem "right" to me. The order of children of <ClaimType> shouldn't matter, right?
Is that order specified in the XSD file? (I heard I can configure VS Code to validate my XML against the XSD, I need to figure out how to do that...)
Yes, the "ClaimType" type requires the child elements to be appended in the declared sequence, as defined by the XML schema; otherwise it doesn't pass the schema validation.
This also applies to all other types that are defined by this XML schema.

Azure AD B2C add claim to sign in

I have added
<ClaimType Id="IdType">
<DisplayName>Identification type</DisplayName>
<DataType>string</DataType>
<UserInputType>DropdownSingleSelect</UserInputType>
<Restriction>
<Enumeration Text="CC" Value="CC" SelectByDefault="false" />
<Enumeration Text="CE" Value="CE" SelectByDefault="false" />
<Enumeration Text="TI" Value="TI" SelectByDefault="false" />
</Restriction>
</ClaimType>
The explanation is here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-configure-signup-self-asserted-custom. I did that example.
I need to use a username with two fields, so the authentication would look like the image below:
In the user profile, I combined both fields, Type (ddl field) and username:
So, basically, what I need to achieve is to authenticate with a two-field username, merging both values into the username field (so it's unique). Has anyone gone through this?
