B2C custom policy: How to compare "yes"/"no" value from a claim

Gurpreet0101Singh-9444 45 Reputation points
2025-06-04T19:42:33.8633333+00:00

We are setting up a sign-up/sign-in flow for an OpenID Connect provider using a custom policy. We have used the active-directory-b2c-custom-policy-starter-pack's SocialAndLocalAccounts XMLs as the starting point.

Q1:

We are facing an issue getting a comparison to work in B2C policy claims transformations. The OpenID Connect provider returns an ID token whose JSON contains a particular claim, "trueidentity". This claim can have "yes"/"no" (string) as its value. Based on this we want to either show the end user an error in this B2C sign-up flow or, if "yes" is returned, fill the sign-up screen with a set of data returned in the ID token.

Q2:

The user information we want to use to prefill the form in the case of "yes" is deep inside the JSON in a custom format like

"userconfig": [
    {
        "attribname": "first_name",
        "value": "John"
    },
    {
        "attribname": "sur_name",
        "value": "Doe"
    }
]

Can this be mapped to the output claims "firstName" and "surName" using XML claims transformations?

Will the above two things be possible in custom policy XMLs alone?

Thanks for any help.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Rukmini 3,841 Reputation points Microsoft External Staff Moderator
    2025-06-11T11:53:44.19+00:00

    Hello Gurpreet0101Singh-9444,

    Yes, in Azure AD B2C custom policies:

    • Based on a claim like "trueidentity" using AssertStringClaimIsEqualToValue transformation, you can control the flow conditionally. A custom error can be thrown to stop the flow if the value is "no".
    • Azure AD B2C cannot parse nested JSON arrays (such as userconfig) with only XML. Use a REST API claims provider to get these values; it decodes the JSON and provides flat claims (such as firstName and surName).

    Hence, change the OIDC IdP to directly return flattened claims.

    For example, if the OIDC provider returns the below:

    "userconfig": [
        { "attribname": "first_name", "value": "John" },
        { "attribname": "sur_name", "value": "Doe" }
    ]
    
    • Information like firstName and surName cannot be directly extracted by Azure AD B2C.

    Hence the provider must return:

    "first_name": "John",
    "sur_name": "Doe"

    Doing so allows direct mapping in the OutputClaims section:

    <OutputClaim ClaimTypeReferenceId="firstName" PartnerClaimType="first_name" />
    <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="sur_name" />

    Hope this helps!

    If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful?", which may help members with similar questions.


    If you have any other questions or are still experiencing issues, feel free to ask in the "comments" section, and I'd be happy to help.

    1 person found this answer helpful.

  2. Gurpreet0101Singh-9444 45 Reputation points
    2025-06-26T10:42:56.4266667+00:00

    We are still having a problem getting the comparison of a claim value with "yes"/"no" to work. Can you give an example, please?

    We tried various things but get this error when using AssertStringClaimIsEqualToValue:

    The reference to TransformationMethod "AssertStringClaimIsEqualToValue" in ClaimsTransformation with id "CheckIfTrueIdentityYes" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "f1user.onmicrosoft.com" is not supported
    

    Any help is really appreciated.

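An added example, not code from the thread, the starter pack, or Microsoft, of the comparison the first answer describes. It uses CompareClaimToValue, which the B2C documentation defines for comparing one string claim with a literal and writing a boolean output claim; AssertStringClaimIsEqualToValue is not a documented transformation method, which is what the error above reports, and the documented assert, AssertStringClaimsAreEqual, takes two claims rather than a claim and a literal. Assumed names: the claim type isTrueIdentityYes, the technical profile ids AssumedOIDC-OpenIdConnect and ErrorPage-TrueIdentityRequired, and the user journey id; the OIDC profile's metadata (client_id, METADATA, scope) and client secret are omitted as they are not relevant to the check.

```xml
<!-- Added example, not from the thread. Assumed: claim isTrueIdentityYes, technical
     profile ids AssumedOIDC-OpenIdConnect / ErrorPage-TrueIdentityRequired, journey id. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="trueidentity">
      <DisplayName>trueidentity</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
    <ClaimType Id="isTrueIdentityYes">
      <DisplayName>trueidentity is yes</DisplayName>
      <DataType>boolean</DataType>
    </ClaimType>
  </ClaimsSchema>
  <ClaimsTransformations>
    <!-- CompareClaimToValue compares one string claim with a literal and writes a
         boolean; "no" or any other value yields False. ignoreCase makes "Yes" match too. -->
    <ClaimsTransformation Id="CheckIfTrueIdentityYes" TransformationMethod="CompareClaimToValue">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="trueidentity" TransformationClaimType="inputClaim1" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="compareTo" DataType="string" Value="yes" />
        <InputParameter Id="operator" DataType="string" Value="equal" />
        <InputParameter Id="ignoreCase" DataType="string" Value="true" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="isTrueIdentityYes" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Assumed OpenID Connect provider</DisplayName>
    <TechnicalProfiles>
      <!-- Only the parts needed for the check are shown; a real OIDC technical profile
           also carries Metadata (client_id, METADATA, scope, ...) and CryptographicKeys. -->
      <TechnicalProfile Id="AssumedOIDC-OpenIdConnect">
        <DisplayName>Assumed OIDC provider</DisplayName>
        <Protocol Name="OpenIdConnect" />
        <OutputClaims>
          <!-- PartnerClaimType is the claim name as it appears in the provider's ID token -->
          <OutputClaim ClaimTypeReferenceId="trueidentity" PartnerClaimType="trueidentity" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <!-- Runs right after the token is received, so isTrueIdentityYes is set
               before any later orchestration step evaluates it. -->
          <OutputClaimsTransformation ReferenceId="CheckIfTrueIdentityYes" />
        </OutputClaimsTransformations>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>

<UserJourneys>
  <UserJourney Id="SignUpSignInWithTrueIdentityCheck">
    <OrchestrationSteps>
      <!-- Steps 1-3 (sign-in page, federated exchange, directory lookup) as in the starter pack. -->
      <!-- This step renders an error page unless isTrueIdentityYes is True. If the
           provider omits the claim, the precondition does not match and the step still
           runs, so the flow fails closed. -->
      <OrchestrationStep Order="4" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
            <Value>isTrueIdentityYes</Value>
            <Value>True</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <!-- Assumed self-asserted technical profile that only shows a message. -->
          <ClaimsExchange Id="TrueIdentityErrorExchange" TechnicalProfileReferenceId="ErrorPage-TrueIdentityRequired" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Remaining steps (the prefilled sign-up page, token issuance) follow and are
           reached only on the "yes" path. -->
    </OrchestrationSteps>
  </UserJourney>
</UserJourneys>
```

The boolean is produced inside the OIDC technical profile, so every later orchestration step can branch on it with a ClaimEquals precondition. A "no" from the provider, or no trueidentity claim at all, leaves isTrueIdentityYes unequal to True, so the error step runs and the user never reaches the sign-up page; the steps that prefill the form from the ID token sit after this step and run only when the check passed.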
