Reputation: 46753
Azure AD B2C - Raising an error on AAD-UserReadUsingEmailAddress using a compare
My use case is that I want to raise an error on the TP AAD-UserReadUsingEmailAddress.
I tried using "UserMessageIfClaimsTransformationBooleanValueIsNotEqual". That didn't work
Reading the documentation this must be derived from a self asserted TP which AAD-UserReadUsingEmailAddress isn't.
The other way would be to use something like "RaiseErrorIfClaimsPrincipalDoesNotExist" or "RaiseErrorIfClaimsPrincipalAlreadyExists" that throws an error if the claim is there or isn't.
But I want to throw an error like "RaiseErrorIfBooleanValueIsNotEqual" if the claim is not equal to a value. The claim will always exist.
Is there a way to do this?
Update
The first element of my user journey is:
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="ReadEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress" />
</ClaimsExchanges>
</OrchestrationStep>
Upvotes: 4
Views: 2429
Answers (1)
Reputation: 14704
This can be implemented using the AssertBooleanClaimIsEqualToValue claims transformation.
- Declare the claims transformation:
<ClaimsTransformation Id="AssertTheClaimIsEqualToTheValue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="your-claim-id" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="valueToCompareTo" DataType="boolean" Value="[true|false]" />
</InputParameters>
</ClaimsTransformation>
- Invoke this claims transformation from the AAD-UserReadUsingEmailAddress technical profile:
<TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="AssertTheClaimIsEqualToTheValue" />
</OutputClaimsTransformations>
</TechnicalProfile>
If the claim value isn't equal to the expected value, then an exception is thrown.
The self-asserted technical profile that invokes the AAD-UserReadUsingEmailAddress technical profile can display an error message for this exception using UserMessageIfClaimsTransformationBooleanValueIsNotEqual.
Upvotes: 5
Related Questions
- AD B2C compareClaims throws internal server error
- Azure b2c throwing undefined error which is vague error and should be user/email exists error?
- azure-ad-b2c - How to check if email and phone number match an existing user
- Azure B2C check user exist or not?
- Azure AD B2C doesn't check if email exists
- Verify email address using AD B2C?
- Error when retrieving user using strongAuthenticationEmailAddress
- B2C - "Invalid password" when it is valid
- Azure B2B gives an error for some emails
- AAD B2C doesn't authenticate correctly