B2C SSO issues with additional SAML claim

Neil B 116 Reputation points
2021-06-30T14:59:03.603+00:00

We're currently trying to connect with a service provider using SAML (we did this a few months back with another service provider and it all went fine). This time we're required to send a claim containing the employeeId.

We're using custom policies and local accounts, so we've created a new claim for the employeeId, and also created a new SignUpOrSignIn policy and added an employeeId OutputClaim to that. We've also added an employeeId OutputClaim to the SelfAsserted-LocalAccountSignin-Email technical profile, which is used by all of our SignUpOrSignIn policies, and created another Saml2AssertionIssuer technical profile so that it didn't interfere with the other one, which contained an IssuerUri specific to the other service provider. The updated policies have been successfully uploaded to B2C.

The service provider is still setting things up at their end so we haven't been able to test it yet. However, the policy changes have now broken the login process to all our dev SSO sites. We don't even get the chance to login as when we visit any of the sites we just get a blank screen or, in the case of the other service provider using SAML, an 'Invalid Response' message. As soon as we remove the employeeId OutputClaim the sites start working again.

I've attached the changes we have made to our custom policies. Any help would be greatly appreciated. 110629-custom-policy-changes.xml


Accepted answer
Neil B 116 Reputation points
2021-07-01T07:18:26.983+00:00

Adding DefaultValue="" to the employeeId claim seems to have resolved the issue, so hopefully everything will go smoothly when we're able to start fully testing.
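A pre-upload consistency check for the situation in this thread, added here as an example; it is not part of the question, the answer, or any Microsoft tooling. It parses a B2C custom policy file and reports relying-party OutputClaims that no TechnicalProfile in the same file outputs and that carry no DefaultValue, which is the combination the accepted answer resolved by adding DefaultValue="". The sample policy is constructed to mirror the question (employeeId declared in the ClaimsSchema and requested by a SAML relying party, but never output by a technical profile). It assumes a single self-contained file, so BasePolicy inheritance, which real B2C policies rely on, is not followed; the check points at claims worth looking at and does not diagnose why a given policy fails.

```python
"""Lint an Azure AD B2C custom policy for relying-party output claims that
have no DefaultValue and that no technical profile in the file outputs.

Added example, not from the question or from Microsoft. Assumes one
self-contained policy file (BasePolicy inheritance is not followed) and the
standard B2C policy schema namespace.
"""
import xml.etree.ElementTree as ET

NS = {"cpim": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample policy modelled on the question: employeeId is declared
# and requested by the SAML relying party, but nothing in this file outputs it.
# 'email' is output by the self-asserted sign-in profile, so it is fine.
SAMPLE_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com"
    PolicyId="B2C_1A_signup_signin_saml_employeeid">
  <BuildingBlocks>
    <ClaimsSchema>
      <ClaimType Id="email"><DataType>string</DataType></ClaimType>
      <ClaimType Id="employeeId"><DataType>string</DataType></ClaimType>
    </ClaimsSchema>
  </BuildingBlocks>
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Local Account SignIn</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="email" />
          </OutputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="SAML2" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="employeeId" PartnerClaimType="employeeId" />
      </OutputClaims>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
"""


def lint_policy(policy_xml: str) -> list:
    """Return (claim, reason) for each relying-party OutputClaim that is not
    declared in the ClaimsSchema, or that has no DefaultValue and is not an
    OutputClaim of any TechnicalProfile under ClaimsProviders."""
    root = ET.fromstring(policy_xml)

    declared = {c.get("Id")
                for c in root.findall(".//cpim:ClaimsSchema/cpim:ClaimType", NS)}

    # Every claim some technical profile can populate during the journey.
    produced = set()
    for tp in root.findall(".//cpim:ClaimsProviders//cpim:TechnicalProfile", NS):
        for oc in tp.findall("cpim:OutputClaims/cpim:OutputClaim", NS):
            produced.add(oc.get("ClaimTypeReferenceId"))

    findings = []
    for oc in root.findall(".//cpim:RelyingParty//cpim:OutputClaims/cpim:OutputClaim", NS):
        claim = oc.get("ClaimTypeReferenceId")
        if claim not in declared:
            findings.append((claim, "not declared in ClaimsSchema"))
        elif claim not in produced and oc.get("DefaultValue") is None:
            findings.append((claim, "no DefaultValue and no technical profile outputs it"))
    return findings


def with_default_value(policy_xml: str, claim: str, default: str = "") -> str:
    """Return the policy with DefaultValue set on the relying-party OutputClaim
    for `claim`, i.e. the change the accepted answer describes."""
    root = ET.fromstring(policy_xml)
    for oc in root.findall(".//cpim:RelyingParty//cpim:OutputClaims/cpim:OutputClaim", NS):
        if oc.get("ClaimTypeReferenceId") == claim:
            oc.set("DefaultValue", default)
    ET.register_namespace("", NS["cpim"])  # keep the default namespace on output
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for claim, reason in lint_policy(SAMPLE_POLICY):
        print(f"{claim}: {reason}")
    fixed = with_default_value(SAMPLE_POLICY, "employeeId")
    print("after fix:", lint_policy(fixed) or "no findings")
```

Run it against the real policy files before uploading; on a multi-file policy set, concatenate or extend the loader to follow BasePolicy so that claims output by the base files count as produced. The DefaultValue only keeps the journey running; confirm with the service provider how the assertion looks when employeeId was never populated, and that their side does not accept an empty attribute as a valid employee identifier.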

