Reputation: 333
I'm struggling with a custom claims policy for one of our applications. Basically, what I'm trying to do is get the Azure AD user property MailNickName into uppercase and have it included in the JWT. At this point I really cannot see what I'm doing wrong.
This is the custom policy which I'm expecting to do the job:
$policy1 = @('{
    "ClaimsMappingPolicy": {
        "Version": 1,
        "IncludeBasicClaimSet": true,
        "ClaimsSchema": [
            {
                "Source": "user",
                "ID": "mailnickname"
            },
            {
                "Source": "transformation",
                "ID": "testmailnickname",
                "TransformationId": "ChangeToUpper",
                "JwtClaimType": "mailnickname"
            }
        ],
        "ClaimsTransformations": [{
            "ID": "ChangeToUpper",
            "TransformationMethod": "ChangeCase",
            "InputClaims": [{
                "ClaimTypeReferenceId": "mailnickname",
                "TransformationClaimType": "inputClaim1"
            }],
            "InputParameters": [{
                "ID": "toCase",
                "DataType": "string",
                "Value": "UPPER"
            }],
            "OutputClaims": [{
                "ClaimTypeReferenceId": "testmailnickname",
                "TransformationClaimType": "outputClaim"
            }]
        }]
    }
}')
However, when checking what's inside the JWT, I basically get nothing. I was trying with other policies; for instance, I found an example which is supposed to add "sandbox" to MailNickName, and it really works.
$policy2 = @('{
    "ClaimsMappingPolicy": {
        "Version": 1,
        "IncludeBasicClaimSet": "true",
        "ClaimsSchema": [{
            "Source": "user",
            "ID": "mailnickname"
        }, {
            "Source": "transformation",
            "ID": "DataJoin",
            "TransformationId": "JoinTheData",
            "JwtClaimType": "JoinedData"
        }],
        "ClaimsTransformations": [{
            "ID": "JoinTheData",
            "TransformationMethod": "Join",
            "InputClaims": [{
                "ClaimTypeReferenceId": "mailnickname",
                "TransformationClaimType": "string1"
            }],
            "InputParameters": [{
                "ID": "string2",
                "Value": "sandbox"
            }, {
                "ID": "separator",
                "Value": "."
            }],
            "OutputClaims": [{
                "ClaimTypeReferenceId": "DataJoin",
                "TransformationClaimType": "outputClaim"
            }]
        }]
    }
}')
Having created this policy, we assign it to our App Registration.
$pol = New-AzureADPolicy -Definition ($policy1) -DisplayName ("Policy_Test_1" + ([System.Guid]::NewGuid().guid)) -Type "ClaimsMappingPolicy" -IsOrganizationDefault $false
Add-AzureADServicePrincipalPolicy -Id $SP.ObjectId -RefObjectId $pol.Id
Based on the MS documentation regarding this topic, everything seems to be fine, but I still don't get the uppercased MailNickName value inside the token. This means that I'm doing something wrong, but I really cannot see my mistake.
Upvotes: 0
Views: 787
Reputation: 3505
The referenced documentation is for Azure AD B2C / Microsoft CIAM. For Azure AD, the available transformation methods are Join and ExtractMailPrefix.
Upvotes: 1
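As an added example (not code from the question or the answer), the check below lints a ClaimsMappingPolicy definition before New-AzureADPolicy is called: it flags any TransformationMethod outside the set the answer names for Azure AD (Join, ExtractMailPrefix) and any claim or transformation reference that does not resolve within the policy. The function name, the supported-method list and the constructed sample policy are assumptions for illustration; run against the question's $policy1 it would report the ChangeCase transformation, while $policy2 passes.

```powershell
# Added example: static pre-flight check of a ClaimsMappingPolicy JSON string.
# $SupportedMethods defaults to the methods the answer lists for Azure AD.
function Test-ClaimsMappingPolicy {
    param(
        [Parameter(Mandatory)] [string] $Definition,
        [string[]] $SupportedMethods = @('Join', 'ExtractMailPrefix')
    )
    $policy   = ($Definition | ConvertFrom-Json).ClaimsMappingPolicy
    $problems = @()
    $schemaIds = @($policy.ClaimsSchema | ForEach-Object { $_.ID })

    foreach ($t in @($policy.ClaimsTransformations)) {
        if ($t.TransformationMethod -notin $SupportedMethods) {
            $problems += "Transformation '$($t.ID)' uses unsupported method '$($t.TransformationMethod)'."
        }
        # Every input/output claim must be declared in ClaimsSchema.
        foreach ($c in @($t.InputClaims) + @($t.OutputClaims)) {
            if ($c.ClaimTypeReferenceId -notin $schemaIds) {
                $problems += "Transformation '$($t.ID)' references '$($c.ClaimTypeReferenceId)', which is not in ClaimsSchema."
            }
        }
    }
    # Every schema entry sourced from a transformation must point at a defined transformation.
    $transformIds = @($policy.ClaimsTransformations | ForEach-Object { $_.ID })
    foreach ($s in @($policy.ClaimsSchema | Where-Object { $_.Source -eq 'transformation' })) {
        if ($s.TransformationId -notin $transformIds) {
            $problems += "Schema entry '$($s.ID)' points at undefined transformation '$($s.TransformationId)'."
        }
    }
    return $problems
}

# Constructed sample mirroring the question's ChangeCase attempt (assumed values).
$changeCasePolicy = @'
{ "ClaimsMappingPolicy": { "Version": 1, "IncludeBasicClaimSet": true,
  "ClaimsSchema": [ { "Source": "user", "ID": "mailnickname" },
    { "Source": "transformation", "ID": "testmailnickname", "TransformationId": "ChangeToUpper", "JwtClaimType": "mailnickname" } ],
  "ClaimsTransformations": [ { "ID": "ChangeToUpper", "TransformationMethod": "ChangeCase",
    "InputClaims": [ { "ClaimTypeReferenceId": "mailnickname", "TransformationClaimType": "inputClaim1" } ],
    "InputParameters": [ { "ID": "toCase", "DataType": "string", "Value": "UPPER" } ],
    "OutputClaims": [ { "ClaimTypeReferenceId": "testmailnickname", "TransformationClaimType": "outputClaim" } ] } ] } }
'@

$issues = Test-ClaimsMappingPolicy -Definition $changeCasePolicy
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Policy passed pre-flight; safe to call New-AzureADPolicy.' }
```

The check is purely structural: a policy that passes can still yield an unexpected token, so decoding a freshly issued JWT for the app remains the final confirmation.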