I am modifying an existing custom policy's behavior and have not yet been able to find guidance on what I a trying to do.
Backgound
I have a custom signup/signin policy with a terms & conditions page. The general workflow is:
- Sign up / Sign in
- Terms & conditions acceptance
- Send the claims back to the web application, which signs the user in ## Goal
I have been asked to modify the policy so that rather than redirecting back to the web application on sign in, it displays a custom HTML "pending verification page".
What I've done
- Created and deployed the custom HTML content.
- Created a
ContentDefinition that points to that HTML page: xml
<ContentDefinition Id="api.selfasserted.pendingverification">
<LoadUri>[redacted]/pending-verification.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.2.0</DataUri>
<Metadata>
<Item Key="DisplayName">Pending Verification</Item>
</Metadata>
</ContentDefinition>
- Created a
TechnicalProfile that uses that content definition: xml
<TechnicalProfile Id="SelfAsserted-PendingVerification">
<DisplayName>Pending Verification</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted.pendingverification</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
</TechnicalProfile>
- Added an
OrchestrationStep that references the TechnicalProfile: xml
<OrchestrationStep Order="6" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="ShowPendingVerificationPage" TechnicalProfileReferenceId="SelfAsserted-PendingVerification" />
</ClaimsExchanges>
</OrchestrationStep>
- Doublechecked that the order of the steps is what I'd expect and no steps are sharing the same order number in the orchestration. ## Challenge
Despite these steps, the pending verification page seems to be skipped each time, and the next step (which returns the claims) appears to be executed.
Question
- Is my understanding of how to create and refer to a static page above correct?
- Is a technical profile with no input or output claims skipped by default?
- What is the correct way to show a static HTML file in this manner without continuing on to the next step in the orchestration?
