The B2C_1A_Claim_UserInputTypes_All live demo and all unit tests that have a TextBox user input type can not have the exact same self asserted input display reproduced by using the Claim_UserInputTypes_All.xml policy definition.

How to reproduce: Deploy the sample pack's TrustFrameworkBase, TrustFrameworkLocalization, and TrustFrameworkExtensions and then find and ensure the api.selfasserted ContentDefinition page version is set to 2.1.7 using the AzureBlue template to match the version found in the unit tests as such:

<!-- Ensure api.selfasserted in the sample pack's TrustFrameworkBase.xml matches the following: -->
<ContentDefinitions>
  <ContentDefinition Id="api.selfasserted">
    <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
    <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
  </ContentDefinition>
</ContentDefinitions>

This results in the following differences (unit test on the right, local on left), most notably the <label> element is completely missing on TextBox content types:

Can the TrustFrameworkBase.xml, TrustFrameworkLocalization.xml, TrustFrameworkExtensions.xml files, any template modifications or other configuration needed to reproduce these unit tests 1:1 please be added to this repository?

(deleted and closed, created by mistake)

live demo Live demo

AADB2C90289: We encountered an 'invalid_client' error connecting to the identity provider. Please try again later.
Correlation ID: 6eb66fe2-4201-43fa-a2a8-72b994757fa5
Timestamp: 2024-04-18 09:42:50Z

How do I extract a string collection if I have a json like:
[
{ key:key1, value:value1},
{ key:key2, value:value2},
........
{ key:keyN, value:valueN},
]

I need the transformed claim to be like [value1,value2,...valueN]

Repro steps:

• Go to the live demo for the integer claims transformations here: https://b2clivedemo.b2clogin.com/b2clivedemo.onmicrosoft.com/B2C_1A_CT_AssertNumber/oauth2/v2.0/authorize?client_id=cfaf887b-a9db-4b44-ac47-5efff4e2902c&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
• In the drop down select any of the transformations that contain "equal to 20" (less than or equal to, greater than or equal to, equal to)
• click continue button
• transformation fails with the message "The assertion failed! Check the value you provided is fits to the predefined target 20."

Expected result: the transform would return TRUE for 20=20, 20<=20, 20>=20 instead of failing.

Greetings,

I've been attempting to wire up Azure Container App Service (ACA) with my B2C tenant and have run across an issue. ACA provides out of the box auth mechanisms for multiple identity providers including OIDC, AAD, Google, Apple etc. However, the callback url convention they've adopted requires a certain format, namely like so: https://.....xyz/.auth/login/aad/callback. What I've discovered through painful trial and error is that BC2 doesn't like the '.' in the callback url and when the case arises it falls back to a default callback url and simply ignores the user provided url. So, then the '/.auth ends getting overwritten with 'azure-ad-b2c'. Is this intentional and can it be overridden or addressed in some fashion?

Thx!

I was linked to this repo from this guide:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/claim-resolver-overview#saml

I am unable to see this line getting used in the policy:
https://github.com/azure-ad-b2c/unit-tests/blob/1e49bfcc94eb86a5b570a2efec1ad520882e0d56/claims-resolver/CR_SAML.xml#LL158C18-L158C18

I tried adding to the url to maybe make it show up like:
https://samltestapp2.azurewebsites.net/SP?abc=123

but I don't see how to create a situation in which that output claim is populated.

I have also tried using it in my own custom policy in both an SP and IdP initiated flows and can't seem to get it to work.

Can the test app be updated to show the RelayState claims resolver working?

Thanks

P.S. Unrelated but also important to me. If there was a claims resolver to get the ID attribute from the saml response or request that would be really useful? I'd like to use it to make sure a response in an IdP initiated SSO is only ever used once, but as of right now none of the claims resolvers give me something that would be unique per response which makes this difficult.

I have a cartain issue regarding mapping from a JSON response into custom policy claims. I have been through many documentation and examples regarding JSON transformation and extracting claims from JSON, but could not find any hint on my specific JSON format. I am thankful for any solutions and hints, as I really don't know how to access the data within the JSON properly.

The JSON to extract claims from looks like this:
[{"account_id":"0925", "first_name":"TestFirst", "last_name":"TestLast", "mail":"[email protected]"}]

The only thing I want to achieve is to extract "account_id", "first_name", "last_name" and "mail" into claims to show them in the JWt issuer, like you have already provided similar approaches to other JSON extraction examples in your unit tests.

I really appreciate any guidance on this topic

in unit-tests/claims-transformation/string/CT_CompareClaimToValue.xml

the CT "CheckStrings-Equal" doesn't conform to the documentation..

https://docs.microsoft.com/en-us/azure/active-directory-b2c/string-transformations#compareclaimtovalue

the input parameter 'ignoreCase' is documented as being DataType "boolean" but if you use boolean, you get an error similar to

"Message": "Execution of ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.EqualityTransformation" for TransformationMethod "CompareClaimToValue" of ClaimsTransformation with id "xxxxxxx" in policy "B2C_1A_P1_V1_SuSi_UAT" of tenant "xxxxxxxx.onmicrosoft.com" threw an exception with the following message: Unable to cast object of type 'System.Boolean' to type 'System.String'.",

  <ClaimsTransformation Id="CheckStrings-Equal" TransformationMethod="CompareClaimToValue">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="inputString" TransformationClaimType="inputClaim1" />
        </InputClaims>
        <InputParameters>
          <InputParameter Id="compareTo" DataType="string" Value="ABC" />
          <InputParameter Id="operator" DataType="string" Value="equal" />
          <InputParameter Id="ignoreCase" DataType="string" Value="true" />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="result" TransformationClaimType="outputClaim" />
        </OutputClaims>
      </ClaimsTransformation>

So the code sample is correct, but the docs are incorrect on this point..

Hi,

I was looking at https://github.com/azure-ad-b2c/unit-tests/blob/main/claims-transformation/string/CT_StringSubstring.xml to provide me with first 20 characters. But it fails when the string length is less than 20 characters.

Is it possible possible to achieve this?

Thanks,
Shridhar