Azure AD B2C - Claims transformation with 'StringSubstring'

Gangarde, Sachin 20 Reputation points
2024-03-28T04:17:35.02+00:00

Hi,

We have single-sign-on solution based on Azure AD B2C. We also have multiple IDP's integrated through custom policies.

One of the IDP is Auth0 and Auth0 has some other internal federations.

When user is trying to sign in through Auth0(using federations) we are getting 'objectId' in a below format depeding upon the provider in Auth0.

"oidc|SSOOne-B2C-DEV|c25c18d4-fc36-4463-42bb-6b0662dc54b4",

or

"auth0|65ef9dcfa63cb1d97f580f9d"

We want to cut the part before the last occurance of the pipe '|' operator and get the remaining part.

We have a substring but not sure how to get the index of the last position of a pipe '|' operator and cut the string after that.

The output we want in above cases is

"c25c18d4-fc36-4463-42bb-6b0662dc54b4"

or

"65ef9dcfa63cb1d97f580f9d"

I have referred the ClaimTransformation for StringSubString but couldn't find the exact way to get it. 

<ClaimsTransformation Id="GetCodePrefix" TransformationMethod="StringSubstring">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim" />
        </InputClaims>
        <InputParameters>
          <InputParameter Id="startIndex" DataType="int" Value="0" />
          <InputParameter Id="length" DataType="int" Value="24" />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="outputClaim" />
        </OutputClaims>
      </ClaimsTransformation>

Any input to transform the value "oidc|SSOOne-B2C-DEV|c25c18d4-fc36-4463-42bb-6b0662dc54b4" to "c25c18d4-fc36-4463-42bb-6b0662dc54b4"

Or

"auth0|65ef9dcfa63cb1d97f580f9d" to "65ef9dcfa63cb1d97f580f9d"

Thanks.

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
614 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,641 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,475 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. James Hamil 21,696 Reputation points Microsoft Employee
    2024-03-28T23:51:17.42+00:00

    Hi @Gangarde, Sachin , you can use the StringLastIndexOf transformation method to get the index of the last occurrence of the pipe '|' operator and then use the StringSubstring transformation method to get the remaining part of the string. Here is an example:

    <ClaimsTransformation Id="GetObjectId" TransformationMethod="StringSubstring">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="startIndex" DataType="int" Value="{StringLastIndexOf:objectId, '|'}" />
    <InputParameter Id="length" DataType="int" Value="{StringLength:objectId}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

    This transformation method first uses the StringLastIndexOf transformation method to get the index of the last occurrence of the pipe '|' operator in the objectId claim. The result of this transformation method is then used as the startIndex input parameter for the StringSubstring transformation method. The length input parameter is set to the length of the objectId claim. The result of the StringSubstring transformation method is then stored in the objectId claim. This will give you the desired output. Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James