Azure B2C SAML metadata is showing incorrect attribute names
Darren Mason
Can someone confirm if I'm missing something or is this a bug in B2C?
My Relying Party with SAML2 protocol lists OutputClaims with PartnerClaimType.
```xml
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignInSuper"/>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2"/>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName"/>
      <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName"/>
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>
```
The actual SAML assertion includes said attributes with the expected names.
```xml
<saml:AttributeStatement xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Given Name">
    <saml:AttributeValue xsi:type="xs:string">John</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Surname">
    <saml:AttributeValue xsi:type="xs:string">Smith</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
```
However the SAML metadata file, located at https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/Samlp/metadata, lists the wrong attribute names. It displays the internal claim names instead of the PartnerClaimType values.
```xml
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="givenName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Given Name"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="surname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Surname"/>
```
What's the story here? I'd log a bug if I knew where to do it.
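Added example (not from the question or from Microsoft): a small check that reads the PartnerClaimType mappings out of a RelyingParty policy and compares them with the Attribute names found in a SAML metadata document or an assertion, so a service-provider integrator can spot the mismatch described above before trusting the published metadata. The three XML inputs are constructed from the fragments in the question (closed and with namespaces declared so they parse); for a real tenant, replace METADATA_XML with the document downloaded from the /Samlp/metadata endpoint.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"

# Constructed input: the RelyingParty fragment from the question, closed so it parses.
POLICY_XML = """<RelyingParty>
  <TechnicalProfile Id="PolicyProfile">
    <Protocol Name="SAML2"/>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName"/>
      <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName"/>
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>"""

# Constructed input: the Attribute elements from the metadata endpoint, wrapped in a root.
METADATA_XML = f"""<root>
  <Attribute xmlns="{SAML_NS}" Name="givenName" NameFormat="{BASIC}" FriendlyName="Given Name"/>
  <Attribute xmlns="{SAML_NS}" Name="surname" NameFormat="{BASIC}" FriendlyName="Surname"/>
</root>"""

# Constructed input: the AttributeStatement from the question, with namespaces declared.
ASSERTION_XML = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}"
    xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <saml:Attribute Name="firstName" NameFormat="{BASIC}" FriendlyName="Given Name">
    <saml:AttributeValue xsi:type="xs:string">John</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="lastName" NameFormat="{BASIC}" FriendlyName="Surname">
    <saml:AttributeValue xsi:type="xs:string">Smith</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def expected_names(policy_xml):
    """Map each OutputClaim's ClaimTypeReferenceId to the name the partner will see:
    PartnerClaimType when set, otherwise the internal claim id. Tag names are matched
    on their local part so a policy with or without a default namespace works."""
    claims = (el for el in ET.fromstring(policy_xml).iter()
              if el.tag.rsplit("}", 1)[-1] == "OutputClaim")
    return {c.get("ClaimTypeReferenceId"): c.get("PartnerClaimType") or c.get("ClaimTypeReferenceId")
            for c in claims}


def attribute_names(saml_xml):
    """Set of Name values on every saml:Attribute in a metadata or assertion document."""
    return {a.get("Name") for a in ET.fromstring(saml_xml).iter(f"{{{SAML_NS}}}Attribute")}


def missing_names(policy_xml, saml_xml):
    """Partner-facing names the policy emits that the given metadata/assertion does not carry."""
    return sorted(set(expected_names(policy_xml).values()) - attribute_names(saml_xml))
```

Run against the question's fragments, missing_names reports firstName and lastName as absent from the metadata but present in the assertion, which is exactly the discrepancy being asked about.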