
B2C App registration with custom SAML policy - configuring claims

I created a custom policy for our SAML applications in Azure B2C. Now I want to edit the claims that Azure B2C sends to the application in the SAMLResponse.

I added the claims in TrustFrameworkBase:

    <ClaimType Id="TESTFELDSTRING">
      <DisplayName>TESTFELDSTRING</DisplayName>
      <DataType>string</DataType>
      <DefaultPartnerClaimTypes>
        <Protocol Name="OpenIdConnect" PartnerClaimType="TESTFELDSTRING" />
        <Protocol Name="SAML2" PartnerClaimType="TESTFELDSTRING" />
      </DefaultPartnerClaimTypes>
      <UserHelpText>Your TESTFELDSTRING name.</UserHelpText>
      <UserInputType>TextBox</UserInputType>
    </ClaimType>

And I changed my custom policy and added a new output claim there:

    <OutputClaim ClaimTypeReferenceId="TESTFELDSTRING" />

But the claim is still missing in my SAML responses.

I have one application which expects some information as a SAML claim and I do not see how to transmit it. In "normal Azure AD" I would be able to configure the claims per app, so one app sends different claims than another app. How do I do this in Azure B2C? I tried to add the claim inside the manifest of my app registration with:

    "optionalClaims": {
        "saml2Token": [
            {
                "name": "TESTFELDSTRING",
                "source": null,
                "essential": false,
                "additionalProperties": []
            }
        ]
    }

But this is not working either. My transmitted attributes are:

    <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Display Name"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Given Name"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Surname"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Email Address"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX@XXX.XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="objectId"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                        FriendlyName="User's Object ID"
                        >
            <saml:AttributeValue xsi:type="xs:string">xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>

Does anyone have a suggestion?

Did you follow this sample?

Did you add the new claims as output claims in the Technical profile?

Did you also add the new claims as output claims in the <RelyingParty> section?
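As an added illustration of the two places the answer refers to (example fragments, not the asker's policy files or Microsoft's sample): the claim has to be an output claim of whichever technical profile produces its value, and again in the relying-party technical profile of the SAML policy file. The profile Ids and the journey name are assumed; a claim that no step in the journey ever populates is simply left out of the assertion, so the SAML response stays silent rather than failing.

```xml
<!-- (1) In the technical profile that produces the value (self-asserted page,
     REST call, directory read): the claim must leave it as an OutputClaim,
     otherwise the claims bag never holds it. The Id below is only an example. -->
<TechnicalProfile Id="SelfAsserted-ProfileUpdate">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="TESTFELDSTRING" Required="true" />
  </OutputClaims>
</TechnicalProfile>

<!-- (2) In the relying-party policy file (the one whose PolicyId the application
     uses): only claims listed here are written into the SAML AttributeStatement.
     Journey name and profile Id are the usual starter-pack ones, assumed here. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="givenName" />
      <OutputClaim ClaimTypeReferenceId="surname" />
      <OutputClaim ClaimTypeReferenceId="email" />
      <OutputClaim ClaimTypeReferenceId="objectId" />
      <!-- The new claim. Its SAML attribute Name is taken from the ClaimType's
           DefaultPartnerClaimTypes entry for SAML2 ("TESTFELDSTRING"); a
           PartnerClaimType attribute here would override it for this application,
           which is how different apps can receive differently named attributes. -->
      <OutputClaim ClaimTypeReferenceId="TESTFELDSTRING" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="objectId" ExcludeAsClaim="true" />
  </TechnicalProfile>
</RelyingParty>
```

The per-application difference is therefore expressed by a separate relying-party policy file per SAML application, each with its own OutputClaims list, not by the app registration manifest.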
