Issue with “ClaimEquals” in Azure AD B2C


There’s a gotcha when you use “ClaimEquals” in B2C custom policies.

Assume you have a claim that you read from B2C, e.g. extension_ClaimInB2C, and a claim holding text that the user types into a TextBox, e.g. ClaimFromTB, and you want to compare the two in a user journey.

Both are defined as strings.

Assume ClaimInB2C = “aaa” and the user types in “aaa” ( = ClaimFromTB).

So the user journey has something like this:

<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
  <Value>extension_ClaimInB2C</Value>
  <Value>ClaimFromTB</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>

This will not be equal!!!

<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
  <Value>extension_ClaimInB2C</Value>
  <Value>aaa</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>

This will be equal!!!

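So “canned” (literal) values are OK, but a second claim is not, even though both claims hold the same value: the second Value is taken as a literal string to compare against, not as the name of a claim to look up.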

You need to do a ClaimsTransformation for “CompareClaims” in your TechnicalProfile.

<ClaimsTransformation Id="CheckTextMatches" TransformationMethod="CompareClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="extension_ClaimInB2C" TransformationClaimType="inputClaim1"/>
    <InputClaim ClaimTypeReferenceId="ClaimFromTB" TransformationClaimType="inputClaim2"/>
  </InputClaims>
  <InputParameters>
    <InputParameter Id="operator" DataType="string" Value="EQUAL"/>
    <InputParameter Id="ignoreCase" DataType="string" Value="true"/>
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="ClaimEqual" TransformationClaimType="outputClaim"/>
  </OutputClaims>
</ClaimsTransformation>

and then:

<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
  <Value>ClaimEqual</Value>
  <Value>True</Value>
  <Action>SkipThisOrchestrationStep</Action>
</Precondition>

This works.

All good!
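A check for this gotcha, as an added example that is not part of the original post: the Python below scans a policy file for ClaimEquals preconditions whose second Value is the name of a claim known to the policy. The function names and the abbreviated policy fragment are constructed for illustration, and the check is a heuristic, since a literal that happens to match a claim name is also flagged.

```python
import xml.etree.ElementTree as ET

# Constructed, abbreviated fragment (not a complete policy) with the post's two cases.
SAMPLE_POLICY = """\
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsSchema>
    <ClaimType Id="extension_ClaimInB2C"/>
    <ClaimType Id="ClaimFromTB"/>
    <ClaimType Id="ClaimEqual"/>
  </ClaimsSchema>
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>extension_ClaimInB2C</Value>
      <Value>ClaimFromTB</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>ClaimEqual</Value>
      <Value>True</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
</TrustFrameworkPolicy>
"""

def local(tag):
    # Drop the "{namespace}" prefix ElementTree puts on namespaced tags.
    return tag.rsplit("}", 1)[-1]

def claim_to_claim_preconditions(policy_xml):
    """Return (first, second) Value pairs of ClaimEquals preconditions whose
    second Value is the name of a claim known to the policy."""
    root = ET.fromstring(policy_xml)
    known = set()  # declared ClaimType Ids plus every referenced claim name
    for el in root.iter():
        if local(el.tag) == "ClaimType" and el.get("Id"):
            known.add(el.get("Id"))
        if el.get("ClaimTypeReferenceId"):
            known.add(el.get("ClaimTypeReferenceId"))
    findings = []
    for el in root.iter():
        if local(el.tag) == "Precondition" and el.get("Type") == "ClaimEquals":
            values = [(v.text or "").strip() for v in el if local(v.tag) == "Value"]
            if len(values) == 2 and values[1] in known:
                findings.append((values[0], values[1]))
    return findings

if __name__ == "__main__":
    print(claim_to_claim_preconditions(SAMPLE_POLICY))
```

Only the first precondition is reported; the one that compares ClaimEqual with the literal True passes.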

Rory Braybrook

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5