
While uploading the Azure B2C custom policy for TrustFrameworkExtensions, encountered a validation schema error when calling the REST API #164

Open
siranjeevimurugesan opened this issue Sep 6, 2024 · 0 comments

Comments

@siranjeevimurugesan

I created an Azure B2C custom policy. While uploading the TrustFrameworkExtensions policy, I encountered a schema validation error when the TechnicalProfile for the REST API is included. However, the policy uploads successfully when the TechnicalProfile for the REST API is excluded.

XML File:

```xml
<!-- TrustFrameworkPolicy root element and its attributes are not recoverable from the page -->
<BasePolicy>
  <TenantId>devrrpcb2c.onmicrosoft.com</TenantId>
  <PolicyId>B2C_1A_TrustFrameworkLocalization</PolicyId>
</BasePolicy>

<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="isAllowed">
      <DisplayName>Is Allowed</DisplayName>
      <DataType>boolean</DataType>
      <UserHelpText>Indicates if the user is allowed to proceed</UserHelpText>
    </ClaimType>
    <!-- Add errorMessage ClaimType -->
    <ClaimType Id="errorMessage">
      <DisplayName>Error Message</DisplayName>
      <DataType>string</DataType>
      <DefaultPartnerClaimTypes>
        <Protocol Name="OAuth2" PartnerClaimType="errorMessage" />
      </DefaultPartnerClaimTypes>
      <UserHelpText>Contains any error messages from the API or process</UserHelpText>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Local Account SignIn</DisplayName>
    <!-- technical profile body not recoverable from the page; only the values "clientid" and "tokenid" survived -->
  </ClaimsProvider>

  <ClaimsProvider>
    <DisplayName>Rest API Validate Domain</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="REST-ValidateEmailDomain">
        <DisplayName>Validate Email Domain</DisplayName>
        <Protocol Name="Proprietary"
          Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine">
          <Metadata>
            <Item Key="ServiceUrl">
              https://myapi.com/api/authentication/validatecompanydomain</Item>
            <Item Key="AuthenticationType">None</Item>
            <Item Key="HttpBinding">GET</Item>
            <Item Key="ContentType">application/json</Item>
            <Item Key="SendClaimsIn">Body</Item>
          </Metadata>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="email" />
          </InputClaims>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="isAllowed" />
            <OutputClaim ClaimTypeReferenceId="errorMessage" />
          </OutputClaims>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
        </Protocol>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>

  <ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="AAD-Common">
        <Metadata>
          <Item Key="ApplicationObjectId">ObjectId</Item>
          <Item Key="ClientId">ClietnId</Item>
        </Metadata>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>

<UserJourneys>
  <!-- UserJourney Id attribute not recoverable from the page -->
  <UserJourney>
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"
        ContentDefinitionReferenceId="api.signuporsignin">
        <ClaimsProviderSelections>
          <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
        </ClaimsProviderSelections>
        <ClaimsExchanges>
          <ClaimsExchange Id="LocalAccountSigninEmailExchange"
            TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
        </ClaimsExchanges>
      </OrchestrationStep>

      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
            <Value>objectId</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <ClaimsExchange Id="SignUpWithLogonEmailExchange"
            TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
        </ClaimsExchanges>
      </OrchestrationStep>

      <!-- This step reads any user attributes that we may not have received when in the token. -->
      <OrchestrationStep Order="3" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="AADUserReadWithObjectId"
            TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
        </ClaimsExchanges>
      </OrchestrationStep>

      <OrchestrationStep Order="4" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
            <Value>isAllowed</Value>
            <Value>True</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <ClaimsExchange Id="ValidateEmailDomain"
            TechnicalProfileReferenceId="REST-ValidateEmailDomain" />
        </ClaimsExchanges>
      </OrchestrationStep>

      <OrchestrationStep Order="5" Type="SendClaims"
        CpimIssuerTechnicalProfileReferenceId="SelfAsserted-Error">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
            <Value>isAllowed</Value>
            <Value>False</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
      </OrchestrationStep>

      <OrchestrationStep Order="6" Type="SendClaims"
        CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />

    </OrchestrationSteps>
    <ClientDefinition ReferenceId="DefaultWeb" />
  </UserJourney>
</UserJourneys>
```

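The reported schema error is consistent with how the REST technical profile is nested: in the TrustFrameworkPolicy schema, `<Protocol>` is an empty element that carries only its `Name` and `Handler` attributes, and `<Metadata>`, `<InputClaims>`, `<OutputClaims>` and `<UseTechnicalProfileForSessionManagement>` are direct children of `<TechnicalProfile>`, in that order. The block below is an added example showing the same technical profile restructured that way; it is not a fix posted by the issue author or the repository maintainers, and it keeps the author's ServiceUrl, claim names and metadata values exactly as they appear above.

```xml
<ClaimsProvider>
  <DisplayName>Rest API Validate Domain</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="REST-ValidateEmailDomain">
      <DisplayName>Validate Email Domain</DisplayName>
      <!-- Protocol carries only attributes, so it must be self-closing -->
      <Protocol Name="Proprietary"
        Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine" />
      <!-- The following elements are siblings of Protocol, in schema order -->
      <Metadata>
        <!-- value kept on one line so no surrounding whitespace ends up in the URL -->
        <Item Key="ServiceUrl">https://myapi.com/api/authentication/validatecompanydomain</Item>
        <Item Key="AuthenticationType">None</Item>
        <Item Key="HttpBinding">GET</Item>
        <Item Key="ContentType">application/json</Item>
        <Item Key="SendClaimsIn">Body</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="isAllowed" />
        <OutputClaim ClaimTypeReferenceId="errorMessage" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Two points worth checking once the policy uploads. First, `AuthenticationType` `None` means the domain check endpoint accepts calls from anyone who knows the URL, while the journey gates sign-in on the `isAllowed` value it returns; the RESTful provider's `Basic`, `Bearer`, `ClientCertificate` and `ApiKeyHeader` authentication types, each paired with a `CryptographicKeys` reference, are the usual way to make that decision trustworthy. Second, the `ClaimEquals` precondition on orchestration step 4 skips the step unless `isAllowed` already equals `True`, and the claim is not populated until that step's REST call runs, so the call would never be made; dropping that precondition runs the check unconditionally and leaves step 5 to act on the result.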
