In Azure B2C Custom policy I want to remove hyphen '-' from objectId(GUID) claimtype and assign it to another claimtype.
Eg:
Input : e8023a66-30ed-4e31-a17e-c013081704a0
Ouptut : e8023a6630ed4e31a17ec013081704a0
I have currently tried the following:
<InputParameter Id="stringFormat" DataType="string" Value="00000000000000000000000000000000,{0}" />
<InputParameter Id="stringFormat" DataType="string" Value="{0:################################}" />
<InputParameter Id="stringFormat" DataType="string" Value="{0:#}" />
I am using FormatStringClaim transformationmethod in ClaimsTransformation to achieve the same however the value is getting assigned to the target claimtype with hyphen.
Can you please help me in removing hyphen?
Note:
I cannot use any other String operations like Replace or Split as Azure AD supports only String.Format method.
I am using FormatStringClaim transformationmethod in ClaimsTransformation to achieve the same however the value is getting assigned to the target claimtype with hyphen.
It sounds like you incorrectly configured your Claims Transformation and have assigned your original GUID as both your input and output claims. You need to update the ClaimTypeReferenceId with the claim you want to store your modified GUID in.
Example:
<ClaimsTransformation Id="RemoveHash" TransformationMethod="FormatStringClaim">
<InputClaims>
<InputClaim ClaimTypeReferenceId="originalGuid" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="stringFormat" DataType="string" Value="{0}" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="modifiedGuid" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
Related
I am looking to customize a UXElement with a Claims Transformation.
I am able to do a String Transformation and add that, but what I am looking to do is to dynamically create a header with a claim.
I have a Claims Transformation
<ClaimsTransformation Id="CopySignInNameToReadOnly" TransformationMethod="FormatLocalizedString">
<InputClaims>
<InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="stringFormatId" DataType="string" Value="initial_intro" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="readOnlyName" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
I want the givenName ideally to be in the UXElement because it is displayed as a header.
In my Localized String I have
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="initial_intro">Test - {0}!</LocalizedString>
<LocalizedString ElementType="FormatLocalizedStringTransformationClaimType" StringId="initial_intro">Welcome Back - {0}!</LocalizedString>
</LocalizedStrings>
I am getting it on the localized stringclaim fine. but i cannot figure out the UXElement.
[
What is the recommended way to simply assign a default value to a claim through ClaimsTransformations?
For instance:
// Validation failed: The 'DefaultValue' attribute is not declared.Schema validation error
<!-- Assign the true to 'extension_isProfileComplete' claim whenever users fill in all required info at signup -->
<ClaimsTransformation Id="ProfileIsCompleted" TransformationMethod="CopyClaim">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_isProfileComplete" TransformationClaimType="inputClaim"/>
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_isProfileComplete" DefaultValue="true" AlwaysUseDefaultValue="true" TransformationClaimType="outputClaim"/>
</OutputClaims>
</ClaimsTransformation>
I know I can achieve the same using a TechnicalProfile only for that but it seems overkill.
I use:
<ClaimsTransformation Id="CreateXXX" TransformationMethod="CreateStringClaim">
<InputParameters>
<InputParameter Id="value" DataType="string" Value="Some value"/>
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="xxx" TransformationClaimType="createdClaim"/>
</OutputClaims>
</ClaimsTransformation>
I have a validation technical profile that checks if there is an existing user with the same company custom attribute during sign up and returns an error. It works great if there is just one user that matches the company name but throws an error when there are multiple which is possible.
Exception is application insight is:
Only one retrieved principal can be returned.
<TechnicalProfile Id="AAD-CheckDuplicateCompany">
<Metadata>
<Item Key="Operation">Read</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_company" Required="true" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="NOTFOUND" AlwaysUseDefaultValue="true" />
<OutputClaim ClaimTypeReferenceId="objectIdNotFound" DefaultValue="NOTFOUND" AlwaysUseDefaultValue="true" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="AssertObjectIdAADUserObjectIdNotFoundAreEqual" />
</OutputClaimsTransformations>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
<ClaimsTransformation Id="AssertObjectIdAADUserObjectIdNotFoundAreEqual" TransformationMethod="AssertStringClaimsAreEqual">
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim1" />
<InputClaim ClaimTypeReferenceId="objectIdNotFound" TransformationClaimType="inputClaim2" />
</InputClaims>
<InputParameters>
<InputParameter Id="stringComparison" DataType="string" Value="ordinalIgnoreCase" />
</InputParameters>
</ClaimsTransformation>
AAD-CheckDuplicateCompany is used as a validation technical profile in LocalAccountSignUpWithLogonEmail, so it will not insert the user if there is at least one user that exists with the same company attribute. Is there a way to get just one user match?
Not possible. It’s only supported to use an input claim that uniquely identifies an account.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-technical-profile#inputclaims
You need to make your own REST API call and perform your custom logic there.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-rest-api-claims-exchange?pivots=b2c-custom-policy
I'm using the azure b2c sign-up policy(built-in policy) in my application. There, we are having three fields.
Display Name (Basically this is equal to Given name + Surname)
Given Name
Surname
In my case, I want to remove this Display name from the user flow. But once I remove it, In B2C, the name of the user is "Undefined".
Is there any way that I can generate the Display name with Given name and Surname, Without asking the Display name?
(I'm using built-in user flow)
Concatenating the claims in the Built-in user flow is not possibile. It can be possibile using the custom policy
<ClaimsTransformation Id="CreateDisplayNameFromFirstNameAndLastName" TransformationMethod="FormatStringMultipleClaims">
<InputClaims>
<InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="inputClaim1" />
<InputClaim ClaimTypeReferenceId="surName" TransformationClaimType="inputClaim2" />
</InputClaims>
<InputParameters>
<InputParameter Id="stringFormat" DataType="string" Value="{0} {1}" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation >
Please refer this document for more information.
If you are specifically looking for a way with Built-in user flow we would recommend you to do the concatenation in the application while showing the display Name.
We would recommend you to use the display name than concatenating first name and surname(last name) because based on the IDP choosen by the customer may or maynot contain both First name and lastname(surname), Where displayname(Name) will be present
Check user exists in AD B2C(using custom policy) if user exists show login option else(if user doesnt exists) show registration form
I tried with below policy but couldnt make it work
https://github.com/azure-ad-b2c/samples/tree/master/policies/split-email-verification-and-signup
<ClaimsTransformation Id="AssertObjectIdObjectIdNotFoundAreEqual" TransformationMethod="CompareClaims">
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim1" />
<InputClaim ClaimTypeReferenceId="objectIdNotFound" TransformationClaimType="inputClaim2" />
</InputClaims>
<InputParameters>
<InputParameter Id="operator" DataType="string" Value="NOT EQUAL" />
<InputParameter Id="ignoreCase" DataType="string" Value="true" />
<!-- <InputParameter Id="stringComparison" DataType="string" Value="ordinalIgnoreCase" /> -->
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="EmailExists" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
I'm trying to compare objectid, so i can have EmailExists claim but it doesnt give true/false based on objectid exists
Any one has idea how to do it, please help
The step “known email” -> the logic should be “does ObjectId Exist”.
In your orchestration steps, read the directory using the given email after code verification step. In the AAD technical profile, use the metadata config to not throw an error if the user is not found.
Now you will either have or not have an objectId.
The subsequent orchestration step should use a precondition using ClaimExists logic against objectId to drive the subsequent logic.
You could even use two subjourneys pivoting off whether objectId exists.