Επεξεργασία

Κοινή χρήση μέσω


Boolean claims transformations

This article provides examples for using the boolean claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see claims transformations.

AndClaims

Computes an And operation of two boolean input claims, and sets the output claim with result of the operation. Check out the Live demo of this claims transformation.

Element TransformationClaimType Data Type Notes
InputClaim inputClaim1 boolean The first claim to evaluate.
InputClaim inputClaim2 boolean The second claim to evaluate.
OutputClaim outputClaim boolean The claim that will be produced after this claims transformation has been invoked (true or false).

Example of AndClaims

The following claims transformation demonstrates how to And two boolean claims: isEmailNotExist, and isSocialAccount. The output claim presentEmailSelfAsserted is set to true if the values of both input claims are true.

<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="AndClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="isEmailNotExist" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="isSocialAccount" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="presentEmailSelfAsserted" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
  • Input claims:
    • inputClaim1: true
    • inputClaim2: false
  • Output claims:
    • outputClaim: false

AssertBooleanClaimIsEqualToValue

Checks that boolean values of two claims are equal, and throws an exception if they aren't. Check out the Live demo of this claims transformation.

Element TransformationClaimType Data Type Notes
inputClaim inputClaim boolean The claim to be checked.
InputParameter valueToCompareTo boolean The value to compare (true or false).

The AssertBooleanClaimIsEqualToValue claims transformation is always executed from a validation technical profile that is called by a self-asserted technical profile. The UserMessageIfClaimsTransformationBooleanValueIsNotEqual self-asserted technical profile metadata controls the error message that the technical profile presents to the user. The error messages can be localized.

Diagram shows how to use the AssertStringClaimsAreEqual claims transformation.

Example of AssertBooleanClaimIsEqualToValue

The following claims transformation demonstrates how to check the value of a boolean claim with a true value. If the value of the accountEnabled claim is false, an error message is thrown.

<ClaimsTransformation Id="AssertAccountEnabledIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="accountEnabled" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
  </InputParameters>
</ClaimsTransformation>
  • Input claims:
    • inputClaim: false
    • valueToCompareTo: true
  • Result: Error thrown

Calling the AssertBooleanClaimIsEqualToValue claims transformation

The following Example-AssertBoolean validation technical profile calls the AssertAccountEnabledIsTrue claims transformation.

<TechnicalProfile Id="Example-AssertBoolean">
  <DisplayName>Unit test</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="ComparisonResult" DefaultValue="false" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="AssertAccountEnabledIsTrue" />
  </OutputClaimsTransformations>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>

The self-asserted technical profile calls the validation Example-AssertBoolean technical profile.

<TechnicalProfile Id="SelfAsserted-AssertDateTimeIsGreaterThan">
  <DisplayName>Example</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Custom error message if account is disabled.</Item>
  </Metadata>
  ...
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="Example-AssertBoolean" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

CompareBooleanClaimToValue

Checks that boolean value of a claim is equal to true or false, and return the result of the compression. Check out the Live demo of this claims transformation.

Element TransformationClaimType Data Type Notes
InputClaim inputClaim boolean The claim to be compared.
InputParameter valueToCompareTo boolean The value to compare (true or false).
OutputClaim compareResult boolean The claim that is produced after this claims transformation has been invoked.

Example of CompareBooleanClaimToValue

The following claims transformation demonstrates how to check the value of a boolean claim with a true value. If the value of the IsAgeOver21Years claim is equal to true, the claims transformation returns true, otherwise false.

<ClaimsTransformation Id="AssertAccountEnabled" TransformationMethod="CompareBooleanClaimToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="IsAgeOver21Years" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim  ClaimTypeReferenceId="accountEnabled" TransformationClaimType="compareResult"/>
  </OutputClaims>
</ClaimsTransformation>
  • Input claims:
    • inputClaim: false
  • Input parameters:
    • valueToCompareTo: true
  • Output claims:
    • compareResult: false

NotClaims

Computes a Not operation of the boolean input claim and sets the output claim with result of the operation. Check out the Live demo of this claims transformation.

Element TransformationClaimType Data Type Notes
InputClaim inputClaim boolean The claim to be operated.
OutputClaim outputClaim boolean The claim that is produced after this claims transformation has been invoked (true or false).

Example of NotClaims

The following claims transformation demonstrates how to perform logical negation on a claim.

<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="NotClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="userExists" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
  • Input claims:
    • inputClaim: false
  • Output claims:
    • outputClaim: true

OrClaims

Computes an Or of two boolean claims and sets the output claim with result of the operation. Check out the Live demo of this claims transformation.

Element TransformationClaimType Data Type Notes
InputClaim inputClaim1 boolean The first claim to evaluate.
InputClaim inputClaim2 boolean The second claim to evaluate.
OutputClaim outputClaim boolean The claim that will be produced after this claims transformation has been invoked (true or false).

Example of OrClaims

The following claims transformation demonstrates how to Or two boolean claims.

<ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="OrClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="isLastTOSAcceptedNotExists" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="isLastTOSAcceptedGreaterThanNow" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="presentTOSSelfAsserted" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
  • Input claims:
    • inputClaim1: true
    • inputClaim2: false
  • Output claims:
    • outputClaim: true

Next steps