How to properly read from JSON data into AD B2C custom policy claims

Meier, Maximilian 0 Reputation points
2023-08-23T07:56:49.57+00:00

I have a certain issue regarding mapping from a JSON response into custom policy claims. I have been through a lot of documentation and many examples regarding JSON transformation and extracting claims from JSON, but could not find any hint on my specific JSON format. I am thankful for any solutions and hints, as I really don't know how to access the data within the JSON properly.

The JSON to extract claims from looks like this: [{"account_id":"0925", "first_name":"TestFirst", "last_name":"TestLast", "mail":"testfirst.testlast@mail.com"}]

In the following I provide my current status snippet of the custom policy:

  <ClaimType Id="resultAccountId">
    <DisplayName>Result Account Id after reading inputJson</DisplayName>
    <DataType>string</DataType>
    <UserInputType>Readonly</UserInputType>
  </ClaimType>

  <ClaimType Id="inputJson">
    <DisplayName>input Json</DisplayName>
    <DataType>string</DataType>
    <UserInputType>TextBox</UserInputType>
  </ClaimType>

  <ClaimsTransformation Id="GetAccountId" TransformationMethod="GetClaimFromJson">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="inputJson" TransformationClaimType="inputJson" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="claimToExtract" DataType="string" Value="HOW TO ACCESS account_id"/>
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="resultAccountId" TransformationClaimType="extractedClaim" />
    </OutputClaims>
  </ClaimsTransformation>

  <TechnicalProfile Id="DatevJSONArray">
    <DisplayName>Datev Auth</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <Metadata>
      <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
      <Item Key="ResolveJsonPathsInJsonTokens">true</Item>
    </Metadata>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="inputJson" DefaultValue='[{"account_id":"0925", "first_name":"TestFirst", "last_name":"TestLast", "mail":"testfirst.testlast@mail.com"}]'/>
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="inputJson" />
    </OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="GetAccountId"/>
    </OutputClaimsTransformations>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/>
  </TechnicalProfile>

What I am trying to achieve in general is to extract the 'account_id' from the JSON. But I would be fine as well with extracting every single claim.


1 answer

  1. James Hamil 24,136 Reputation points Microsoft Employee
    2023-08-28T19:45:44.59+00:00

    Hi @Meier, Maximilian, you can use the GetSingleValueFromJsonArray transformation method. Here's an example of how to modify your custom policy to achieve this:

    1. Change the TransformationMethod in the ClaimsTransformation element to GetSingleValueFromJsonArray.
    2. Update the InputClaim element to use the correct ClaimTypeReferenceId.
    3. Add an InputParameter element with the Id set to index and the Value set to 0 to extract the first element of the JSON array.

    Here's the modified ClaimsTransformation element:

    <ClaimsTransformation Id="GetAccountId" TransformationMethod="GetSingleValueFromJsonArray">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="inputJson" TransformationClaimType="inputJsonClaim" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="index" DataType="int" Value="0" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="resultAccountId" TransformationClaimType="extractedClaim" />
      </OutputClaims>
    </ClaimsTransformation>
    

    This should extract the account_id from the JSON array and store it in the resultAccountId claim.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
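
Added example, not part of the answer above or of Microsoft's own samples: one way to chain the two transformation methods named in this thread so that the array element is selected first and `account_id` is read from it second. The claim `firstAccountJson` and the Ids `GetFirstAccountJson` and `GetAccountIdFromFirstAccount` are hypothetical names, and the example assumes `GetSingleValueFromJsonArray` returns an object element as a JSON string that `GetClaimFromJson` can read.

```xml
<!-- Added example. firstAccountJson and both transformation Ids are
     hypothetical names chosen for illustration. -->
<ClaimType Id="firstAccountJson">
  <DisplayName>First element of inputJson</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- Step 1: take the first element of the JSON array held in inputJson.
     Assumption: an object element comes back as its JSON string. -->
<ClaimsTransformation Id="GetFirstAccountJson" TransformationMethod="GetSingleValueFromJsonArray">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="inputJson" TransformationClaimType="inputJsonClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="firstAccountJson" TransformationClaimType="extractedClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Step 2: read the account_id property from that single object. -->
<ClaimsTransformation Id="GetAccountIdFromFirstAccount" TransformationMethod="GetClaimFromJson">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="firstAccountJson" TransformationClaimType="inputJson" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="claimToExtract" DataType="string" Value="account_id" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="resultAccountId" TransformationClaimType="extractedClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- In the technical profile, list the transformations in execution order. -->
<OutputClaimsTransformations>
  <OutputClaimsTransformation ReferenceId="GetFirstAccountJson" />
  <OutputClaimsTransformation ReferenceId="GetAccountIdFromFirstAccount" />
</OutputClaimsTransformations>
```

Because `resultAccountId` is declared with `DataType` string, a value such as "0925" keeps its leading zero when it is later used as an account identifier.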
