Azure-Samples / active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
http://aka.ms/aadb2ccustom
MIT License

OutputClaimsTransformation identityProvider DefaultValue ignored #39

Closed mkonars closed 5 years ago

mkonars commented 5 years ago

Hi, I am using the following profile to authenticate against login.microsoft.com:

`live.com Microsoft Account Microsoft Account XXX 0 https://login.microsoftonline.com/myTenantId/v2.0/.well-known/openid-configuration code openid profile form_post POST true https://login.microsoftonline.com `

and I want to set a fixed value for `identityProvider` to `live.com`.

However, the engine seems to ignore my `DefaultValue` claim mapping `` and it keeps reading the value from `idp` claim. Here is an extract from Application Insights trace:

`""Key"": ""OutputClaimsTransformation"", ""Value"": { ""Values"": [ { ""Key"": ""MappingFromPartnerClaimType"", ""Value"": { ""PartnerClaimType"": ""idp"", ""PolicyClaimType"": ""identityProvider"" } }, `

For other claims it works ok. Or if I instead try to map from a "fake" claim. ``

Is there something special about this `identityProvider` claim?

chrispadgettlivecom commented 5 years ago

Rather than using the "fake" claim, you can use the AlwaysUseDefaultValue attribute:

<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="live.com" AlwaysUseDefaultValue="true" />

mkonars commented 5 years ago

Hi, I didn't know that such an attribute exists. Now googling it, I have also found the documentation, and there it states:

If the PartnerClaimType attribute is not specified, then the specified policy claim type is mapped to the partner claim type of the same name

So now it all makes sense. Thank you Chris.
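
The mapping behaviour this thread arrives at, as an added example (not code from the Azure AD B2C engine or from either poster): a small Python model that resolves `OutputClaim` elements against a partner token and lists the claims whose `DefaultValue` the identity provider can still replace. The sample XML, the token values and the function names are constructed for illustration; the resolution order is an assumption drawn from the behaviour and documentation quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The poster's own policy XML did not survive on this page.
SAMPLE_OUTPUT_CLAIMS = """
<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="idp" DefaultValue="live.com" />
  <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
  <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
</OutputClaims>
"""

def _output_claims(xml_text):
    """Yield OutputClaim elements, whether or not the document declares an XML namespace."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "OutputClaim":
            yield el

def _forced(el):
    return el.get("AlwaysUseDefaultValue", "false").lower() == "true"

def resolve_output_claims(xml_text, partner_claims):
    """Model (assumed order): forced default, then partner claim, then fallback default."""
    resolved = {}
    for el in _output_claims(xml_text):
        policy_type = el.get("ClaimTypeReferenceId")
        # Without PartnerClaimType, the partner claim of the same name is read.
        partner_type = el.get("PartnerClaimType", policy_type)
        default = el.get("DefaultValue")
        if _forced(el) and default is not None:
            resolved[policy_type] = default
        elif partner_type in partner_claims:
            resolved[policy_type] = partner_claims[partner_type]
        elif default is not None:
            resolved[policy_type] = default
    return resolved

def overridable_defaults(xml_text):
    """Claims that carry a DefaultValue the partner token can still replace."""
    return [el.get("ClaimTypeReferenceId") for el in _output_claims(xml_text)
            if el.get("DefaultValue") is not None and not _forced(el)]

if __name__ == "__main__":
    token = {"idp": "https://sts.example.invalid/constructed", "name": "Test User"}
    print(resolve_output_claims(SAMPLE_OUTPUT_CLAIMS, token))
    print("review:", overridable_defaults(SAMPLE_OUTPUT_CLAIMS))
```

Any claim reported by `overridable_defaults` takes its value from the identity provider's token whenever the token supplies one, so a claim that later policy steps treat as fixed should carry `AlwaysUseDefaultValue="true"`.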