B2C custom policy tfp in Issuer (iss) claim URL

Syed Palayathar 486 Reputation points
2021-03-23T12:30:10.497+00:00

Hello Team

I am using a B2C custom policy. However, it does not give tfp claims in the token. I tried following this article by @AmanpreetSingh-MSFT by adding the following to TrustFrameworkBase.xml and uploading it. It still didn't work. Could you help?

<Item Key="AuthenticationContextReferenceClaimPattern">None</Item>

and then added

<ClaimType Id="trustFrameworkPolicy">
  <DisplayName>Trust Framework Policy</DisplayName>
  <DataType>string</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="OAuth2" PartnerClaimType="tfp" />
    <Protocol Name="OpenIdConnect" PartnerClaimType="tfp" />
  </DefaultPartnerClaimTypes>
</ClaimType>

Finally, I added the following to the relying party file

<OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />

I was expecting the issuer URI to be something like this [the below screenshot is from the built-in sign-in user flow],

80721-shouldlooklike.png

However, issuer uri looks like this [the below screenshot is from custom policy]. Shouldn't it have /tfp in the Issuer (iss) claim URL?
80640-scerror.png

How to resolve this?

Microsoft Entra External ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,746 Reputation points
    2021-03-23T15:09:08.84+00:00

    Hi @Syed Palayathar · Thank you for reaching out.

    The "tfp" claim doesn't come as part of "issuer" claim as it is a separate claim. The issuer value you are getting is the expected value. If you access your policy metadata endpoint (mentioned below), it will display the same value as the issuer.

    https://your_tenant.b2clogin.com/your_tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=your_signup_signin_policy

    Below is the sample token with "tfp" claim (highlighted in red) for your reference:

    80791-image.png

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
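
The check described in the accepted answer, as an added example that is not part of the original thread: `iss` is compared with the `issuer` value from the policy metadata document, and `tfp` is read as its own claim. The tenant name, GUID, policy name and token below are constructed placeholders, and the signature is not verified here.

```python
import base64
import json

# Constructed sample values: tenant, GUID and policy name are placeholders.
SAMPLE_METADATA = {"issuer": "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/"}
SAMPLE_POLICY = "B2C_1A_signup_signin"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt: str) -> dict:
    # Payload decoding only. Real validation must first verify the signature
    # against the keys published at the metadata document's jwks_uri.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def check_issuer_and_policy(jwt: str, metadata: dict, expected_policy: str) -> dict:
    claims = read_claims(jwt)
    tfp = claims.get("tfp")
    return {
        # iss is compared to the metadata issuer as a whole string.
        "issuer_matches_metadata": claims.get("iss") == metadata["issuer"],
        # The policy name travels in its own claim, not inside iss.
        "tfp_present": tfp is not None,
        # Case-insensitive comparison is an assumption of this example.
        "policy_matches": isinstance(tfp, str) and tfp.lower() == expected_policy.lower(),
    }


def make_constructed_jwt(claims: dict) -> str:
    # Builds an unsigned, constructed token for the demo; not a real B2C token.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    with_tfp = make_constructed_jwt({"iss": SAMPLE_METADATA["issuer"], "tfp": SAMPLE_POLICY})
    without_tfp = make_constructed_jwt({"iss": SAMPLE_METADATA["issuer"]})
    print(check_issuer_and_policy(with_tfp, SAMPLE_METADATA, SAMPLE_POLICY))
    print(check_issuer_and_policy(without_tfp, SAMPLE_METADATA, SAMPLE_POLICY))
```

A token that lacks `tfp` still passes the issuer comparison, so an application that must restrict access to one policy needs the separate claim check as well.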

