Azure B2C claims transformation, GetClaimFromJson, for standart OpenID Connect provider

Question

Azure B2C claims transformation, GetClaimFromJson, for standart OpenID Connect provider

Yauh Ask 0



It looks like claims in Json Object as:

{
  "address": {
    "locality": "Brussels",
    "street_address": "Cookie street 103",
    "postal_code": "1000",
    "formatted": "Cookie street 103 1000 Brussels"
  }
}

can not be interpreted by Azure B2C. I struggle with claims transformation instruction to validate in reality. Ref https://learn.microsoft.com/en-us/azure/active-directory-b2c/json-transformations#getclaimfromjson & https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation/json

From github I see they use ExperimentalTechnicalProfile, would it mean it is not applicable for Openid Connect providers? How would you write a claim transformation config within base.xml for example above to parse if Openid Connect should work?

I tried multiple configuration, expecting Json object transformed to strings. But instead Azure errors with exception page.

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2023-08-02T19:02:32.8+00:00

Hi @Yauh Ask , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James
Yauh Ask 0 Reputation points

2023-08-04T13:10:33.69+00:00

Hello James,

Would be cool if you can reply to my last comment.

Cheers,

Yauh

1 answer

Your answer

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2023-08-02T19:02:32.8+00:00

Hi @Yauh Ask , did you need any more help with this question? If not could you please mark "Accept Answer" on the appropriate answer so other users can reference it?

Thank you,

James
Yauh Ask 0 Reputation points

2023-08-04T13:10:33.69+00:00

Hello James,

Would be cool if you can reply to my last comment.

Cheers,

Yauh

Answer 1

James Hamil 27,221 Microsoft Employee Moderator

Hi @Yauh Ask , try using the GetClaimFromJson transformation method. Here's a sample configuration for parsing the formatted field from the JSON object:

<ClaimsTransformation Id="GetFormattedAddressFromJson" TransformationMethod="GetClaimFromJson">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="addressJson" TransformationClaimType="inputJson" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="claimToExtract" DataType="string" Value="address.formatted" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="formattedAddress" TransformationClaimType="extractedClaim" />
  </OutputClaims>
</ClaimsTransformation>

In this example, the addressJson claim should contain the JSON object you provided. The transformation will extract the formatted field and store it in the formattedAddress claim.

Regarding the use of ExperimentalTechnicalProfile, it is not necessary for parsing JSON objects from OpenID Connect providers. The claims transformation configuration provided above should work within the base.xml file.

If you're still encountering errors, please double-check your configuration and ensure that the input claims are correctly populated.

Please let me know if you have any questions and I can help you further.

If this answer helps you please mark "Accept Answer" so other users can reference it.

Thank you,

James

Yauh Ask 0

Hello! Thanks for suggestion.

But your advice still does not solve the issue. Of course, it is difficult to troubleshoot, not knowing my exact config, but I attempt to be exhaustive below. Current error thrown is "AADB2C: An exception has occurred." onto redirect to jwt.ms:

Screenshot 2023-08-03 at 19.10.05

onto configuration itself, within <ClaimsSchema>, those are the following claim types I define:

     <ClaimType Id="claims">
        <DisplayName>incoming json</DisplayName>
        <DataType>string</DataType>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>


      <ClaimType Id="formattedAddress">
        <DisplayName>transformed address</DisplayName>
        <DataType>string</DataType>
        <UserInputType>TextBox</UserInputType>
      </ClaimType>
     
Is string correct for incoming json?

Within <ClaimsProvider>, where <Protocol Name="OpenIdConnect" />, I define input & output claims:


            <InputClaim ClaimTypeReferenceId="claims" DefaultValue="{&quot;userinfo&quot;:{&quot;address&quot;:null}}" AlwaysUseDefaultValue="true" />

     ```

```haskell

<OutputClaim ClaimTypeReferenceId="formattedAddress" PartnerClaimType="address" DefaultValue="Unknown" />

             ```

James Hamil 27,221 Reputation points Microsoft Employee Moderator

2023-08-07T20:48:34.9933333+00:00

Hi @Yauh Ask ,can you please send me an email at "azcommunity@microsoft.com" with subject "ATTN: James Hamil" and your subscription ID? I can open a free support ticket for you.

Best,

James
Yauh Ask 0 Reputation points

2023-08-09T12:54:20.8533333+00:00

Thank you James! I wrote an email.
Alexander Reynaert 0 Reputation points

2023-10-25T17:36:26.5066667+00:00

@James Hamil did you find a solution for this problem? I have the same issue with the 'address' claim in JSON format.
Its to integrate the Itsme identity provider (Belgian Mobile eID): https://belgianmobileid.github.io/slate/login.html#4-mapping-the-user

Share via

Azure B2C claims transformation, GetClaimFromJson, for standart OpenID Connect provider

1 answer

Your answer