Issues with an Azure AD B2C self-asserted page calling a ValidationTechnicalProfile

I’ve had a number of issues with a self-asserted page calling a validation TP.

In the validation TP, I set a flag.

Later on in the user journey, I test the flag but it never seems to be set.

e.g. the validation TP has something like:

<TechnicalProfile Id="regexAnalysisSignInName">
  <DisplayName>Check signInName for digits</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=, Culture=neutral, PublicKeyToken=null"/>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName"/>
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isLoyaltyBoolean"/>
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="isLoyaltyRegex"/>
  </OutputClaimsTransformations>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
</TechnicalProfile>

where “isLoyaltyRegex” tests the “signInName” for digits (i.e. you can sign in with your loyalty number).

(The regex is “^[0-9]+$”.)

And then I would have something like:

<OrchestrationStep Order="x" Type="ClaimsExchange">
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">

and “isLoyaltyBoolean” would never be set 😒

Then I came across this post.

The key is:

“Claims that are declared as output from a validation technical profile and the self-asserted technical profile that refers to this validation technical profile are passed to other orchestration steps”.

In other words, “isLoyaltyBoolean” has to be an output claim in the self-asserted TP that calls this validation TP!

All good!
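
A lint-style check for this mistake, as an added example (not code from the original post): it parses a policy file and reports validation-TP output claims that the calling technical profile does not also declare as output. The policy fragment and the two self-asserted profile Ids are constructed, and the check assumes every profile is defined in one file, with no inheritance from a base policy.

```python
import xml.etree.ElementTree as ET

# Constructed policy fragment. "SelfAsserted-Broken" and "SelfAsserted-Fixed" are
# hypothetical Ids; only regexAnalysisSignInName and the claim names are from the post.
POLICY = """<TechnicalProfiles>
  <TechnicalProfile Id="regexAnalysisSignInName">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="isLoyaltyBoolean"/></OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="SelfAsserted-Broken">
    <OutputClaims><OutputClaim ClaimTypeReferenceId="signInName"/></OutputClaims>
    <ValidationTechnicalProfiles>
      <ValidationTechnicalProfile ReferenceId="regexAnalysisSignInName"/>
    </ValidationTechnicalProfiles>
  </TechnicalProfile>
  <TechnicalProfile Id="SelfAsserted-Fixed">
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="signInName"/>
      <OutputClaim ClaimTypeReferenceId="isLoyaltyBoolean"/>
    </OutputClaims>
    <ValidationTechnicalProfiles>
      <ValidationTechnicalProfile ReferenceId="regexAnalysisSignInName"/>
    </ValidationTechnicalProfiles>
  </TechnicalProfile>
</TechnicalProfiles>"""

def _named(parent, name):
    # Match on local name so files that declare the B2C policy namespace also work.
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _output_claims(profile):
    return {c.get("ClaimTypeReferenceId") for c in _named(profile, "OutputClaim")}

def dropped_validation_claims(policy_xml):
    """Map each calling profile Id to the validation-TP output claims it does not re-declare."""
    profiles = {p.get("Id"): p for p in _named(ET.fromstring(policy_xml), "TechnicalProfile")}
    findings = {}
    for tp_id, profile in profiles.items():
        produced = set()
        for ref in _named(profile, "ValidationTechnicalProfile"):
            target = profiles.get(ref.get("ReferenceId"))
            if target is not None:  # a profile defined in another file cannot be checked here
                produced |= _output_claims(target)
        missing = sorted(produced - _output_claims(profile))
        if missing:
            findings[tp_id] = missing
    return findings

if __name__ == "__main__":
    print(dropped_validation_claims(POLICY))
```

Any profile it reports will run its validation TP successfully and still leave the listed claims unset for later orchestration steps.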



Rory Braybrook

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: Presentations: