Shehan V

Reputation: 176

How to Pass User Input Values from One Technical Profile to Another in Azure AD B2C Custom Policy?

I'm working on a custom policy in Azure AD B2C and I'm trying to pass user input values from one technical profile to another within the orchestration steps. Specifically, I have a self-asserted technical profile for user sign-in where the user enters their email and password. After obtaining these values, I need to pass them to a REST API technical profile to make a request and validate the user against a custom database.

I've tried using ClaimsTransformations within the orchestration steps, but I haven't been successful.

These are the 2 technical profiles.

<TechnicalProfile Id="REST-API-SignUp">
  <DisplayName>Validate user's input data and return loyaltyNumber claim</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://146a-112-134-225-150.ngrok-free.app/api/auth/login</Item>
    <Item Key="AuthenticationType">None</Item>
    <Item Key="SendClaimsIn">Body</Item>
  </Metadata>
</TechnicalProfile>

<!-- This technical profile uses a validation technical profile to authenticate the user. -->
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
    <Item Key="setting.operatingMode">Email</Item>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
    <InputClaim ClaimTypeReferenceId="password" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

These are the orchestration steps.

<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
  </ClaimsProviderSelections>
  <ClaimsExchanges>
    <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
  </ClaimsExchanges>
</OrchestrationStep>

<OrchestrationStep Order="2" Type="ClaimsExchange" ContentDefinitionReferenceId="api.localaccountpasswordreset">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
  </ClaimsProviderSelections>
  <ClaimsExchanges>
    <ClaimsExchange Id="RestApiSignUp" TechnicalProfileReferenceId="REST-API-SignUp" />
  </ClaimsExchanges>
</OrchestrationStep>

Can anyone provide guidance on the correct approach to achieve this? Is there a specific method or configuration that needs to be followed to pass user input values between technical profiles in Azure AD B2C custom policies?

Upvotes: 0

Views: 151

Answers (1)

rbrayb

Reputation: 46773

Just make email and password input claims in the API.

Refer to this.

But beware. "password" is only available in the sign-in TP.

So you need to copy it via OutputTransformation to some other value and use that in the API.

Also, step 2 seems wrong:

<OrchestrationStep Order="2" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="RestApiSignUp" TechnicalProfileReferenceId="REST-API-SignUp" />
  </ClaimsExchanges>
</OrchestrationStep>

Upvotes: 1
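The approach in the answer above, written out as an added example (not the answerer's or Microsoft's own policy XML): a `CopyClaim` transformation duplicates `password` into a new claim, the sign-in technical profile runs it as an output transformation, and the REST API technical profile declares both values as input claims so they are sent in the request body. The claim name `copiedPassword`, the transformation id `CopyPasswordClaim`, the JSON field names `email` and `password`, and the `loyaltyNumber` output claim are assumptions.

```xml
<!-- Claim type to hold the copied password (assumed name). -->
<ClaimType Id="copiedPassword">
  <DisplayName>Copied password</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- CopyClaim transformation: duplicates 'password' into 'copiedPassword'. -->
<ClaimsTransformation Id="CopyPasswordClaim" TransformationMethod="CopyClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="password" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="copiedPassword" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Sign-in TP from the question: add the copied claim to OutputClaims and run the copy
     as an output transformation; the remaining output claims and elements stay as posted. -->
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="copiedPassword" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CopyPasswordClaim" />
  </OutputClaimsTransformations>
</TechnicalProfile>

<!-- REST API TP: InputClaims become the JSON body; PartnerClaimType sets the JSON field
     names the API expects (assumed here to be "email" and "password"). -->
<TechnicalProfile Id="REST-API-SignUp">
  <DisplayName>Validate user's input data and return loyaltyNumber claim</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ServiceUrl">https://146a-112-134-225-150.ngrok-free.app/api/auth/login</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <!-- None leaves an endpoint that receives raw passwords open to any caller;
         Basic, Bearer or ClientCertificate are the supported alternatives. -->
    <Item Key="AuthenticationType">None</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="email" />
    <InputClaim ClaimTypeReferenceId="copiedPassword" PartnerClaimType="password" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="loyaltyNumber" />
  </OutputClaims>
</TechnicalProfile>
```

The orchestration step that references `REST-API-SignUp` then needs only the `ClaimsExchanges` element, as shown in the answer, since a `ClaimsExchange` step has no user-facing content definition or provider selection.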
