If the same output claim is defined in multiple technical profiles, what is the expected behavior?
Particularly if a technical profile emits an output claim and another technical profile that executes later defines the same output claim but does not emit one at run time, what is the expected behavior?
If there are two different OrchestrationSteps, each containing a TechnicalProfile that emits the same claim, then the TechnicalProfile from the later step will "overwrite" the value of the claim if such a claim is emitted.
Lets take a specific (although somewhat made-up) example.
Step 1 uses a TechnicalProfile for a SelfAsserted page that asks the user for their first name via "OutputClaim ClaimTypeReferenceId="givenName"" . The user fills in the name "John" on this page, and continues.
Step 2 uses a TechnicalProfile for a ClaimsExchange with Google, which may also emit a first name via "OutputClaim ClaimTypeReferenceId="givenName"".
However, it is possible that the user did or did not register their first name when creating their account at Google. If the first name is available (lets say with the name "Lingeshwaran"), then Google will emit that claim, and B2C will consume it. In this case, the final resulting value after step 2 for givenName will be "Lingeshwaran".
If the user did not fill in their first name when creating their Google account, then it will be missing from the claims that Google emits in their token. As a result, the existing "givenName" claim will not be overwritten, and the resulting value after step 2 for givenName will be "John".
Related
I have a basic lead gen bot under which I have 2 services (in 2 different intents) for which I am collecting leads. Under both of them I am collecting the name, email, and phone number and I also have checked the required tick boxes.
It's working as expected when I am just availing/submitting lead for a single service. However, if in the same interaction I also want to go for the second service the bot is again asking for the name, email & phone number which it already has from my interaction for the first service. How do I make sure that it doesn't ask for the details if it already has them?
I also do not mind handling it programmatically using fulfillment but I could not find any documentation.
Any help is highly appreciated
you can use the user storage (https://developers.google.com/actions/assistant/save-data)
or alternatively you can try to link the parameters of the two intents to the same context parameters. Set your parameter value like this #context_name.param_name
I was able to do this by setting an output context in the first intent & using the input context in the second intent.
The trick was to assign a default value to the parameters in the second intent as "context_name.param"
The user is required to enter an ID number which populates a parameter and will then be used to look up a database. All IDs are 11 digits long and start with a 1 and a 0. How can I test the number entered by the user to ensure it meets these requirements and then reprompt if their entry is invalid?
The parameter is currenty a number type entity. Within the intent, it is a required parameter, the intent itself is first triggered by the user entering "MBTN" which is the name of the ID number. This number will be used to look up associated value in a database. The purpose of checking the validity before looking up the database is to reduce the number of wasted calls to the database.
I feel like this will require some code to put in place but am unsure of the best way to approach this in Dialogflow. Has anyone done anything similar?
You will have to use a fulfillment webhook to validate the ID. Please go through documentation on how to set it up:
Dialogflow Fulfillment using Webhook
I'm trying to extract a single email address from an array of email addresses (stored in the otherEmails attribute). I thought I could use the GetSingleValueFromJsonArray claims transformation. But, I get the following error:
The InputClaims mismatched in ClaimsTransformation with id
"GetEmailFromJson" with TransformationMethod
"GetSingleValueFromJsonArray". The following InputClaims were declared
in the Policy but were not expected by the TransformMethod:
[StringCollection]inputJsonClaim. The following InputClaims were
expected by the TransformMethod but were not declared in the Policy:
[String]inputJsonClaim.
It's complaining that my input is a collection of strings -which it is. The error says it wants a 'string' as input. The documentation also states that it wants a string. But then I'm confused how this should ever work with an array, as the name implies.
Essentially, I just want to return the email address in the id_token when using OpenID Connect. But with B2C it seems I can't set the mail field and it's null when I query for it. So, I've taken to using the otherEmails field. But I really only plan on storing a single email in it. Thus, I want to return the email claim as a single value claim, and not an array.
Update
After a bit more digging, I realized I can accomplish my goal without using a ClaimsTransformation. I can just map the 'signInNames.emailAddress' to 'email'.
<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="email"/>
You can use the GetSingleItemFromStringCollection claims transformation to get the first item in the string collection.
Working in Nintex, I have a workflow that is kicked off when a form is saved. The workflow generates a PDF version of the Nintex form (we need actual signatures - digital in the future, fingers crossed). This is done by updating a word template, then converting to PDF.
When the word document is updated, the 'assigned to:' field is getting an AD account name instead of the user's First, Last name (which is expected). Now I'm trying to format it so it's more appropriate to the Hard Copy (in the Nintex form, it shows as Last, First).
I used a Query User Profile action, passed it the same variable I was using to hold the form's 'assigned to' value, and then used the drop down menu to choose the user profile variables I wanted (First, Last, also: username, account name, Distinguish name). All values are generating empty strings.
I've incrementally tried handing the values to variables that are of type String, Person, or Collection. I also handed it my username instead of the variable and set my account info for the login. I've always selected values, so I don't think it's a typo.
I'm at a loss... the workflow emails the user at the end, so it's getting the data. I hope that's enough info, I'm new to SP/Nintex so it could be a rookie mistake. Any help is appreciated.
Thank you!
I've seen issues where the User Profile Service properties have not been configured adequately, which leads to a lot of empty variables when running an LDAP Query action for AD attributes.
If this is the case, then one approach is to get the Farm admin (if you don't have access) to take a look at Manage User Profiles in Central Admin and see what AD attributes are mapped to the user profile. If mappings are changed you'll need to run a full sync to bring over the values. It can be inconsistent in my experience as well.
I have two questions concerning ASP.Identity 2.0 "GenerateEmailConfirmationToken/GenerateEmailConfirmationTokenAsync" methods.
// Generate token
var token = Url.Encode(await UserManager.GenerateEmailConfirmationTokenAsync(user.Id));
Is this token stored in the database? I guess it should. But in which field? I just find "PasswordHash" and "SecurityStamp" on the User table. Both don't seem to match.
I was under the impression that once I generate an email token, the EmailConfirmed field of the User table would be set to false. But it stays true. So, what is the purpose of creating a token if the corresponding user account stays confirmed? Or in other words: What do I need to do in order to generate a new token AND also set the account to NOT confirmed?
To summarise the discussion in comments: tokens are not stored anywhere - they are crypto-generated (not exactly sure about exact process of generation) from SecruityStamp and when they are coming back, they can be de-crypted and compared.
As for EmailConfirmed field - this is for you to maintain and look after. You'll manually need to deny login for users with no confirmed email. And you'll need to set the flag when email confirmation does come through.