0
votes

I created some custom policies for our SAML applications in Azure B2C. Now I want to edit the claims that Azure B2C sends to the application in the SAMLResponse.

I added the claim to the TrustFrameworkBase:

  <!-- inside <BuildingBlocks><ClaimsSchema> of TrustFrameworkBase.xml -->
  <ClaimType Id="TESTFELDSTRING">
    <DisplayName>TESTFELDSTRING</DisplayName>
    <DataType>string</DataType>
    <DefaultPartnerClaimTypes>
      <Protocol Name="OpenIdConnect" PartnerClaimType="TESTFELDSTRING" />
      <Protocol Name="SAML2" PartnerClaimType="TESTFELDSTRING" />
    </DefaultPartnerClaimTypes>
    <UserHelpText>Your TESTFELDSTRING name.</UserHelpText>
    <UserInputType>TextBox</UserInputType>
  </ClaimType>

And I changed my custom policy and added a new output claim there:

    <OutputClaim ClaimTypeReferenceId="TESTFELDSTRING" />

But the claim is still missing from my SAML responses.

I have one application that expects some information as a SAML claim, and I do not see how to transmit it. In "normal Azure AD" I am able to configure the claims per app, so one app sends different claims than another app. How do I do this in Azure B2C? I tried to add the claim inside the manifest of my app registration with:

    "optionalClaims": {
        "saml2Token": [
            {
                "name": "TESTFELDSTRING",
                "source": null,
                "essential": false,
                "additionalProperties": []
            }
        ]
    }

But this is not working either. My transmitted attributes are:

    <saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Display Name"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Given Name"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Surname"
                        >
            <saml:AttributeValue xsi:type="xs:string">XXX</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
                        FriendlyName="Email Address"
                        >
            <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="objectId"
                        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                        FriendlyName="User's Object ID"
                        >
            <saml:AttributeValue xsi:type="xs:string">xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>

Does anyone have a suggestion?


1 Answer

0
votes

Did you follow this sample?

Did you add the new claims as output claims in the Technical profile?

Did you also add the new claims as output claims in the <RelyingParty> section?
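As an added example that is neither the poster's policy nor the answerer's, this is what the answer's last two points look like in a SAML relying-party policy file, and it also addresses the question's per-application requirement: with custom policies, each SAML application gets its own relying-party file, and the `<OutputClaims>` of that file's `<RelyingParty>` technical profile decide which attributes appear in the assertion (the app-registration manifest's `optionalClaims` does not drive a custom policy's SAML assertion). A claim listed there is still dropped from the assertion if nothing in the user journey has put a value into it; a `DefaultValue` is the quickest way to prove the wiring before hooking up a real source. The tenant name, policy IDs, `PartnerEntity` URL and the default value are placeholders chosen for this example.

```xml
<!-- Added example, not the poster's file: one relying-party policy per SAML app,
     e.g. SignUpOrSignInSAML_AppA.xml. Tenant, policy IDs and PartnerEntity are assumed. -->
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="yourtenant.onmicrosoft.com"
                      PolicyId="B2C_1A_signup_signin_saml_appa"
                      PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin_saml_appa">

  <!-- Inherits TrustFrameworkBase (where the ClaimType is declared) via the extensions file. -->
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- The SP this file serves; a second app gets its own file with its own claim list. -->
        <Item Key="PartnerEntity">https://app-a.example.com/saml/metadata</Item>
      </Metadata>
      <OutputClaims>
        <!-- These five produce the attributes already visible in the poster's assertion. -->
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" />

        <!-- The new claim. PartnerClaimType overrides DefaultPartnerClaimTypes from
             TrustFrameworkBase and becomes the saml:Attribute Name the SP matches on,
             so spell it exactly as the SP's attribute mapping expects.
             DefaultValue (placeholder) makes B2C emit the attribute even when no step
             in the journey populated the claim; remove it once a technical profile
             in TrustFrameworkExtensions sets the claim from a real source. -->
        <OutputClaim ClaimTypeReferenceId="TESTFELDSTRING"
                     PartnerClaimType="TESTFELDSTRING"
                     DefaultValue="value-for-app-a" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="objectId" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

After uploading the file, run the SP's login against this policy and base64-decode the SAMLResponse; the attribute statement should now contain `<saml:Attribute Name="TESTFELDSTRING">` with the default value. If it does, the remaining work is in TrustFrameworkExtensions: for a per-user value stored in the directory the claim has to be declared as an extension attribute (`extension_TESTFELDSTRING`) and added as an `<OutputClaim>` of the `AAD-UserReadUsingObjectId` technical profile, and the relying-party `<OutputClaim>` then references that claim instead. For a value that depends only on the application, keeping a per-file `DefaultValue` is a legitimate way to send one app a claim another app never sees.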