Azure AD B2C The string '{Context:DateTimeInUtc}' is not a valid AllXsd value

Christopher Norris 26 Reputation points
2022-04-26T13:56:35.387+00:00

Hello,

I am trying to use the {Context:DateTimeInUtc} claims resolver in an Azure AD B2C Custom Policy and I am getting the following error message:

There was an error serializing the object of type Microsoft.Cpim.Data.TrustFrameworkPolicy. The string '{Context:BuildNumber}' is not a valid AllXsd value

According to the documentation it indicates that ClaimsResolvers are allowed to be used in Azure Active Directory Technical Profiles with either InputClaims or OutputClaims as long as the following settings are true:

  • IncludeClaimResolvingInClaimsHandling is set to true.
  • AlwaysUseDefaultValue is set to true.

----------

<TechnicalProfile Id="AAD-Write-ByObjectId-Password">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" Required="true" />
    <InputClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" DefaultValue="{Context:DateTimeInUtc}" AlwaysUseDefaultValue="true" />
  </InputClaims>
  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="objectId" />
    <PersistedClaim ClaimTypeReferenceId="Password-Validated-Password" PartnerClaimType="password" />
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
    <PersistedClaim ClaimTypeReferenceId="extension_isRegistered" DefaultValue="true" AlwaysUseDefaultValue="true" />
    <PersistedClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

----------

For the sake of further testing, I have tried other Context Claims Resolvers and was able to duplicate the same output.


Accepted answer
  1. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2022-05-06T23:03:49.643+00:00

    Hi @Christopher Norris ,

    I understand that you are receiving the "not a valid AllXsd value" error when trying to input the DateTimeInUtc.

    This is happening because you are trying to resolve the claim in the AAD Technical Profiles, which cannot be done at this point. You could resolve it at a self-asserted step, or REST API step. Otherwise, you can use this sample to get the last time the user performed MFA to sign on: https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-absolute-timeout-and-ip-change-trigger

    You can use GetCurrentDateTime to get the current time at login and can use that as an input claim transform as part of your self-asserted sign-in technical profile.

    There are examples here and here that achieve this. From the Stack Overflow thread, here is an example of using GetCurrentDateTime (full example on the thread) in the ClaimsTransformation:

      <ClaimsTransformation Id="GetSystemDateTime" TransformationMethod="GetCurrentDateTime">
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="CurrentTime" TransformationClaimType="currentDateTime" />
        </OutputClaims>
      </ClaimsTransformation>

    Let me know if this helps and if you have further questions.

    If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

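The approach from the accepted answer applied to the technical profile from the question, as an added example that is not part of the original thread or of Microsoft's samples. The ids `SetLastPasswordChangeDateTime` and `SelfAsserted-PasswordChange` and the claim type definition are hypothetical, and the example assumes the claim set at the self-asserted step stays in the claims bag for the validation technical profile that persists it.

```xml
<!-- Added example: policy fragments, each placed in its usual section of the custom policy. -->

<!-- ClaimsSchema (assumed definition): the persisted attribute is typed as dateTime. -->
<ClaimType Id="extension_lastPasswordChangeDateTime">
  <DisplayName>Last password change (UTC)</DisplayName>
  <DataType>dateTime</DataType>
</ClaimType>

<!-- ClaimsTransformations: GetCurrentDateTime writes directly into the claim to persist. -->
<ClaimsTransformation Id="SetLastPasswordChangeDateTime" TransformationMethod="GetCurrentDateTime">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" TransformationClaimType="currentDateTime" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Self-asserted step (hypothetical Id, other elements omitted): computes the timestamp,
     then calls the AAD write profile as its validation technical profile. -->
<TechnicalProfile Id="SelfAsserted-PasswordChange">
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="SetLastPasswordChangeDateTime" />
  </InputClaimsTransformations>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-Write-ByObjectId-Password" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>

<!-- AAD write profile from the question without the {Context:DateTimeInUtc} input claim
     and without IncludeClaimResolvingInClaimsHandling; it only persists the claim. -->
<TechnicalProfile Id="AAD-Write-ByObjectId-Password">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <PersistedClaim ClaimTypeReferenceId="objectId" />
    <PersistedClaim ClaimTypeReferenceId="Password-Validated-Password" PartnerClaimType="password" />
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
    <PersistedClaim ClaimTypeReferenceId="extension_isRegistered" DefaultValue="true" AlwaysUseDefaultValue="true" />
    <PersistedClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" />
  </PersistedClaims>
  <OutputClaims><OutputClaim ClaimTypeReferenceId="objectId" /></OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
```

Input claims transformations run before the self-asserted page is shown, so the stored timestamp is the time the step started and precedes the directory write by however long the user spends on the page.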