Lukas Pfeiffer

AzureB2C Custom Policy - 2 Factor Authentication, mobile number not shown

I'm stuck for days in an AzureAD custom policy for 2-Factor Authentication login. I designed a login user journey where after "e-mail address and password" in the next orchestration step the user's (stored) phone number shall be displayed such that an SMS via a 3rd party provider I want to integrate is sent. After username and password are correctly evaluated I also get forwarded to my 2-factor-authentication page. But there I don't get my mobile phone number displayed. I know it is there, when I have AppInsights running I see it in the logs, but don't know how to grab it:

I use the technical profile "AAD-UserReadUsingObjectId" to get the mobile or strongAuthenticationPhoneNumber variable.

    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
      <Metadata>
        <Item Key="Operation">Read</Item>
        <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
      </Metadata>
      <IncludeInSso>false</IncludeInSso>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="objectId" Required="true" />
      </InputClaims>
      <OutputClaims>
        <!-- Optional claims -->
        <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="otherMails" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <!-- <OutputClaim ClaimTypeReferenceId="mobile" /> -->
        <OutputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
      </OutputClaims>
      <IncludeTechnicalProfile ReferenceId="AAD-Common" />
    </TechnicalProfile>

and in the next orchestration step I want to display it by using a technical profile Custom-SMS

    <TechnicalProfile Id="Custom-SMS-Verify">
      <DisplayName>Custom-SMS-Verify</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
        <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
        <Item Key="language.button_continue">Continue</Item>
        <Item Key="UserMessageIfClaimsTransformationStringsAreNotEqual">Incorrect verification code. Try again.</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
      </CryptographicKeys>

      <InputClaims>
        <!-- The input claim prefills the display claim of the same name from the claims bag.
             AlwaysUseDefaultValue="true" without a DefaultValue replaces the stored number
             with an empty value, so it is removed here to keep the value read in the previous step. -->
        <InputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
      </InputClaims>

      <DisplayClaims>
        <DisplayClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" Required="true" />
        <DisplayClaim DisplayControlReferenceId="phoneVerificationControl-readOnly" />
        <DisplayClaim DisplayControlReferenceId="phoneVerificationControl" />
      </DisplayClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="phoneNumberString" Required="true" />
        <OutputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" Required="true" />
        <OutputClaim ClaimTypeReferenceId="newPhoneNumberEntered" DefaultValue="true" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-MFA" />
    </TechnicalProfile>

    </TechnicalProfiles>

The username+pw login works, it also directs me to the next page for the two-factor authentication, but I always just get an empty field "type in a telephone number" or get some default value I set displayed, but I can't get the variable "mobile" or "strongAuthenticationPhoneNumber" shown. Anyone who solved this? It sounds like something pretty standard. This is where I got the custom-sms-verify technical profile from: https://github.com/azure-ad-b2c/samples/blob/master/policies/twilio-mfa-psd2/policy/StepUpPSD2/TrustFrameworkExtensionsPSD2StepUp.xml

And this is how the three Display Claims in "Custom-sms-verify" currently look... no filled-in mobile phone number anywhere, just textboxes.

(I use a custom div='api' but this of course just changes how it looks compared to e.g. the AzureBlue design)


Best regards, Lukas

Upvotes: 0

Views: 23
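As an added example (not from the question or from the linked Twilio sample), this is the user journey shape that makes the stored number reach the self-asserted page: the read profile in step 2 writes strongAuthenticationPhoneNumber into the claims bag, and the self-asserted profile in step 3 prefills its display claim from that bag value through its InputClaim, which only works when the input claim is not forced to a default. The journey Id and the ClaimsExchange Ids are assumed; the two technical profile names are the ones from the question, and the sign-in, issuer and client names are the starter-pack defaults.

```xml
<!-- Added example. Journey and ClaimsExchange Ids are assumed names. -->
<UserJourney Id="SignInWithSmsMfa">
  <OrchestrationSteps>
    <!-- Step 1: e-mail + password. On success the claims bag holds objectId. -->
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 2: read the directory object by objectId. The OutputClaim
         strongAuthenticationPhoneNumber of this profile lands in the claims bag. -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 3: the self-asserted MFA page. Its
         <InputClaim ClaimTypeReferenceId="strongAuthenticationPhoneNumber" />
         copies the bag value into the display claim of the same name. With
         AlwaysUseDefaultValue="true" and no DefaultValue the page would show an
         empty textbox instead, which is the symptom described in the question. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneVerification" TechnicalProfileReferenceId="Custom-SMS-Verify" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 4: issue the token only after the second factor succeeded. -->
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
```

Tracing the claim in Application Insights after each step is the quickest way to confirm whether it is lost between the read step and the page or overwritten on the page itself.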

Answers (0)
