Comments (8)
The possible values for a boolean claim are "True" and "False" (i.e. the string representation of true and false).
from active-directory-b2c-advanced-policies.
Changing my custom attribute to string worked.
Changing just the claim type did not help (it shows up an error), so I added a new string custom attribute and used it.
Thanks for all the help and I really mean it.
from active-directory-b2c-advanced-policies.
This should execute the last orchestration step if myattributee is 'True'.
I am unable to test this, I'd experiment with the case for 'true' in the precondition.
<OrchestrationStep Order="3" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>extension_myattributee</Value>
      <Value>true</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="NewCredentials1" TechnicalProfileReferenceId="LocalAccountWritePasswordChangeUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
from active-directory-b2c-advanced-policies.
I tried it; it does not work. The behavior remains the same irrespective of the value of my custom attribute.
The image below depicts the value of my custom attribute. I have another user with my custom attribute being set to false.
from active-directory-b2c-advanced-policies.
I just tested this in a B2C tenant and it successfully ran with the above snippet. I'd share your AAD-UserReadUsingObjectId profile with the change you made to retrieve this attribute.
from active-directory-b2c-advanced-policies.
Here is my AAD-UserReadUsingObjectId
<TechnicalProfile Id="AAD-UserReadUsingObjectId">
  <Metadata>
    <Item Key="Operation">Read</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" Required="true" />
  </InputClaims>
  <OutputClaims>
    <!-- Optional claims -->
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
    <OutputClaim ClaimTypeReferenceId="displayName" />
    <OutputClaim ClaimTypeReferenceId="otherMails" />
    <OutputClaim ClaimTypeReferenceId="givenName" />
    <OutputClaim ClaimTypeReferenceId="surname" />
    <OutputClaim ClaimTypeReferenceId="city" />
    <OutputClaim ClaimTypeReferenceId="postalCode" />
    <OutputClaim ClaimTypeReferenceId="jobTitle" />
    <OutputClaim ClaimTypeReferenceId="streetAddress" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="state" />
    <OutputClaim ClaimTypeReferenceId="email" />
    <OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" />
    <OutputClaim ClaimTypeReferenceId="signInNames.username" />
    <OutputClaim ClaimTypeReferenceId="newUser" />
    <OutputClaim ClaimTypeReferenceId="extension_forcePasswordChange" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
</TechnicalProfile>
AAD-Common
<TechnicalProfile Id="AAD-Common">
  <DisplayName>Azure Active Directory</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.AzureActiveDirectoryProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ApplicationObjectId">appid</Item>
    <Item Key="ClientId">objectid</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>
  <!-- We need this here to suppress the SelfAsserted provider from invoking SSO on validation profiles. -->
  <IncludeInSso>false</IncludeInSso>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
I have followed the steps mentioned in https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-create-custom-attributes-profile-edit-custom to create custom attributes.
from active-directory-b2c-advanced-policies.
In your schema, I'm assuming you're setting your claim type data type to boolean? Try changing that to string and running the first snippet I sent. I tested against a string data type and it was working successfully. Also, post this claim type.
from active-directory-b2c-advanced-policies.
@parakhj for the sake of the community, can you comment on the ability to run preconditions against boolean data type claims within the User Journey? It appears 'true' and 'false' are not recognized when checking values.
from active-directory-b2c-advanced-policies.
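As an added example (not code from this thread or from the sample repository): a small lint that applies the first comment's statement that boolean claims carry the strings "True" and "False", flagging any ClaimEquals precondition that compares a boolean-typed claim with a different literal. The policy fragment and the claim extension_flagText are constructed for illustration, and treating the comparison as an exact string match is an assumption taken from that comment.

```python
import xml.etree.ElementTree as ET

# Constructed policy fragment: step 4 mirrors the thread's precondition, with
# the attribute declared boolean; extension_flagText is a hypothetical claim.
POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsSchema>
    <ClaimType Id="extension_myattributee"><DataType>boolean</DataType></ClaimType>
    <ClaimType Id="extension_flagText"><DataType>string</DataType></ClaimType>
  </ClaimsSchema>
  <OrchestrationStep Order="4" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>extension_myattributee</Value>
        <Value>true</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
  </OrchestrationStep>
  <OrchestrationStep Order="5" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>extension_flagText</Value>
        <Value>true</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
  </OrchestrationStep>
</TrustFrameworkPolicy>
"""

BOOLEAN_LITERALS = {"True", "False"}  # values stated in the thread's first comment

def lint_boolean_preconditions(policy_xml):
    """Return (step order, claim, literal) for boolean claims compared to a non-True/False literal."""
    root = ET.fromstring(policy_xml)
    for el in root.iter():                      # drop the XML namespace prefix
        el.tag = el.tag.split("}")[-1]
    types = {c.get("Id"): (c.findtext("DataType") or "").strip().lower()
             for c in root.iter("ClaimType")}
    findings = []
    for step in root.iter("OrchestrationStep"):
        for pre in step.iter("Precondition"):
            values = [(v.text or "").strip() for v in pre.findall("Value")]
            if pre.get("Type") != "ClaimEquals" or len(values) != 2:
                continue
            claim, literal = values
            if types.get(claim) == "boolean" and literal not in BOOLEAN_LITERALS:
                findings.append((step.get("Order"), claim, literal))
    return findings
```

Run over a policy file before upload, a finding marks a step whose gate (here, the password-change step) may never evaluate the way the author intended.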