Unable to fix the OrchestrationStep depending upon the conditional true/false

Gangarde, Sachin 60 Reputation points
2023-09-27T23:37:15.5733333+00:00

Hi,

I am facing one weird issue while putting steps in OrchestrationStep.

I have a requirement to allow or deny user login depending upon user IP address. I am calling an API to check user and IP information and return a boolean type.

User's image

Now, I want to make a decision based on BlockSignIn variable value returned by API. I am calling API on step 2(shown in the below steps.)

Step 3 is to make a decision, whether to allow login or not depending on the value of BlockSignIn

	<OrchestrationStep Order="2" Type="ClaimsExchange">
				  <ClaimsExchanges>
					<ClaimsExchange Id="ClaimsTransformation-SetIsTrustedIPClaim" TechnicalProfileReferenceId="ClaimsTransformation-SetIsTrustedIPClaim" />
				  </ClaimsExchanges>
				</OrchestrationStep>
					
				<OrchestrationStep Order="3" Type="ClaimsExchange">
					<Preconditions>
						<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
							<Value>BlockSignIn</Value>
							<Value>true</Value>
							<Action>SkipThisOrchestrationStep</Action>
						</Precondition>
					</Preconditions>
					<ClaimsExchanges>
						<ClaimsExchange Id="BlockUser" TechnicalProfileReferenceId="Selfasserted-Blockuser" />
					</ClaimsExchanges>
				</OrchestrationStep>

These are my OrchestrationSteps sequence.

Scenarios:

  1. If I return BlockSignIn = true, then it shows me a page with a message that my IP is blocked.
  2. If I return BlockSignIn = false, then it gave me a Server Error with the below details. I am not sure where to check the further details.

AADB2C: An exception has occurred.

Correlation ID: 7a031ab6-0bca-4820-afd2-597b09b975b4

Timestamp: <>

  1. If I update Orchestration step 3 to set to<Value>false</Value>, then it blocks login on returning truefrom API but gives a similar error on returning false from API.
<OrchestrationStep Order="3" Type="ClaimsExchange">
					<Preconditions>
						<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
							<Value>BlockSignIn</Value>
							<Value>false</Value>
							<Action>SkipThisOrchestrationStep</Action>
						</Precondition>
					</Preconditions>
					<ClaimsExchanges>
						<ClaimsExchange Id="BlockUser" TechnicalProfileReferenceId="Selfasserted-Blockuser" />
					</ClaimsExchanges>
				</OrchestrationStep>

I want to achieve below results:

  1. If API returns true(for BlockSignIn), then show the error page.
  2. If API returns false(for BlockSignIn), then proceed further with the next steps to log in.

Can someone guide me, please?

C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,922 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,875 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,737 questions
{count} votes

Accepted answer
  1. 2023-09-29T22:02:28.9266667+00:00

    Hello @Gangarde, Sachin , in order to use preconditions of type ClaimEquals with boolean value, use the literal representations True or False instead of the lowercase versions. Eg.

    <OrchestrationSteps>
       <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
             <ClaimsExchange Id="ClaimsTransformation-SetIsTrustedIPClaim" TechnicalProfileReferenceId="ClaimsTransformation-SetIsTrustedIPClaim" />
          </ClaimsExchanges>
       </OrchestrationStep>
       <OrchestrationStep Order="3" Type="ClaimsExchange">
          <Preconditions>
             <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
                <Value>BlockSignIn</Value>
                <Value>True</Value>
                <Action>SkipThisOrchestrationStep</Action>
             </Precondition>
          </Preconditions>
          <ClaimsExchanges>
             <ClaimsExchange Id="BlockUser" TechnicalProfileReferenceId="Selfasserted-Blockuser" />
          </ClaimsExchanges>
       </OrchestrationStep>
    </OrchestrationSteps>
    

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.