Azure AD B2C Custom Policy - Custom Attributes using default values when Rest API Fails

Anand Patil 20 Reputation points
2024-06-18T09:06:38.68+00:00

Hi,

I have an Azure AD B2C Custom Policy using OpenId protocol. I have also included a Rest-API integration in the custom policy and it seems to be working fine. The Rest-API is supposed to fetch additional attributes for the logged in user from an outside system. This works seamlessly for the users who are found in the external system.

I need to address the below need for my scenario -

If the Rest-API fails when a user is not present in the external system, the API returns a 'User Not Found' error and the custom policy breaks. However, I don't want the custom policy to break. Instead, on any Rest-API failure, the custom policy should take up the default values defined for the four custom attributes.

How can this be achieved?


Accepted answer
  1. Shweta Mathur 29,341 Reputation points Microsoft Employee
    2024-06-18T12:03:28.47+00:00

    Hi @Anand Patil ,

    Thanks for reaching out.

    You can design the integration with the RESTful services in the following ways:

    Whenever your API sends a non-200 response to AAD B2C, it will halt the execution of the journey. If there is a page displayed to the user, and the REST API call is run as a validation technical profile, then the error is displayed on screen. Otherwise, the error is sent to the App URL.

    In a Validation Technical profile, you can change this behavior by using the ContinueOnError property.

    Call the REST API technical profile via a Validation Technical profile, then add the flag ContinueOnError="true".

    <ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomerDatabase" ContinueOnError="true" />

    In your scenario, in the next validation technical profile read the custom attributes from the defined one to continue the journey.

    Reference - https://learn.microsoft.com/en-us/azure/active-directory-b2c/api-connectors-overview?pivots=b2c-custom-policy#handling-error-messages

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/api-connectors-overview?pivots=b2c-custom-policy

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.
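
A sketch of the validation chain the accepted answer describes, as an added example that is not part of the original answer or of Microsoft's documentation. Only `REST-ReadProfileFromCustomerDatabase`, `ContinueOnError` and the `customAttribute1..4` / `default1..4` names come from this page; the technical profile Ids `Set-DefaultProfileAttributes` and `SelfAsserted-SignIn` are hypothetical, and it assumes the REST call runs from a self-asserted page in your journey.

```xml
<!-- Added example: Ids marked hypothetical must be replaced with the ones in your own policy. -->
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Profile attribute defaults (hypothetical)</DisplayName>
    <TechnicalProfiles>

      <!-- Runs after the REST call. DefaultValue only creates a claim that is absent,
           so any value the REST API did return is kept. -->
      <TechnicalProfile Id="Set-DefaultProfileAttributes">
        <DisplayName>Fill in missing profile attributes</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="customAttribute1" DefaultValue="default1" />
          <OutputClaim ClaimTypeReferenceId="customAttribute2" DefaultValue="default2" />
          <OutputClaim ClaimTypeReferenceId="customAttribute3" DefaultValue="default3" />
          <OutputClaim ClaimTypeReferenceId="customAttribute4" DefaultValue="default4" />
        </OutputClaims>
      </TechnicalProfile>

      <!-- Hypothetical Id: the self-asserted page that hosts the validation chain. -->
      <TechnicalProfile Id="SelfAsserted-SignIn">
        <OutputClaims>
          <!-- Listed here so the values set by the validation profiles reach the journey. -->
          <OutputClaim ClaimTypeReferenceId="customAttribute1" />
          <OutputClaim ClaimTypeReferenceId="customAttribute2" />
          <OutputClaim ClaimTypeReferenceId="customAttribute3" />
          <OutputClaim ClaimTypeReferenceId="customAttribute4" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <!-- A failure of the REST call no longer stops the journey. -->
          <ValidationTechnicalProfile ReferenceId="REST-ReadProfileFromCustomerDatabase" ContinueOnError="true" />
          <!-- Next validation profile: supplies defaults for whatever is still missing. -->
          <ValidationTechnicalProfile ReferenceId="Set-DefaultProfileAttributes" />
        </ValidationTechnicalProfiles>
      </TechnicalProfile>

    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

Because `ContinueOnError="true"` applies to any failure of the REST call, not only 'User Not Found', the defaults are also issued when the external system is unreachable or rejects the request, so they should be values that are safe to put in a token in that case.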


1 additional answer

  1. Q&A Assist
    2024-06-18T09:06:38.6966667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To handle Rest-API failures in Azure AD B2C Custom Policy, you can use the ClaimsTransformation element to set default values for the custom attributes in case of an error. You can add a ClaimsTransformation element after the RESTful technical profile in the ClaimsProvider section of your custom policy XML file. Here is an example of how to set default values for the custom attributes:

    <ClaimsTransformation Id="SetDefaultValues" TransformationMethod="AddMultiValueClaim">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="customAttribute1" DefaultValue="default1" />
        <InputClaim ClaimTypeReferenceId="customAttribute2" DefaultValue="default2" />
        <InputClaim ClaimTypeReferenceId="customAttribute3" DefaultValue="default3" />
        <InputClaim ClaimTypeReferenceId="customAttribute4" DefaultValue="default4" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="customAttribute1" />
        <OutputClaim ClaimTypeReferenceId="customAttribute2" />
        <OutputClaim ClaimTypeReferenceId="customAttribute3" />
        <OutputClaim ClaimTypeReferenceId="customAttribute4" />
      </OutputClaims>
    </ClaimsTransformation>
    

    In the above example, the ClaimsTransformation element sets default values for the custom attributes customAttribute1, customAttribute2, customAttribute3, and customAttribute4. If the RESTful technical profile fails, the ClaimsTransformation element is executed, and the default values are set for the custom attributes.
