Azure AD B2C The string '{Context:DateTimeInUtc}' is not a valid AllXsd value

Christopher Norris 21 Reputation points


I am trying to use the {Context:DateTimeInUtc} claims resolver in an Azure AD B2C Custom Policy and I am getting the following error message:

There was an error serializing the object of type Microsoft.Cpim.Data.TrustFrameworkPolicy. The string '{Context:BuildNumber}' is not a valid AllXsd value

According to the documentation it indicates that ClaimsResolvers are allowed to be used in Azure Active Directory Technical Profiles with either InputClaims or OutputClaims as long as the following settings are true:

  • IncludeClaimResolvingInClaimsHandling is set to true.
  • AlwaysUseDefaultValue is set to true.


<TechnicalProfile Id="AAD-Write-ByObjectId-Password">
<Item Key="Operation">Write</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
<InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" Required="true" />
<InputClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" DefaultValue="{Context:DateTimeInUtc}" AlwaysUseDefaultValue="true" />
<!-- Required claims -->
<PersistedClaim ClaimTypeReferenceId="objectId" />
<PersistedClaim ClaimTypeReferenceId="Password-Validated-Password" PartnerClaimType="password" />
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
<PersistedClaim ClaimTypeReferenceId="extension_isRegistered" DefaultValue="true" AlwaysUseDefaultValue="true" />
<PersistedClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" />
<OutputClaim ClaimTypeReferenceId="objectId" />
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />


For the sake of further testing, I have tried other Context Claims Resolvers and was able to duplicate the same output.

Azure Active Directory External Identities
{count} votes

Accepted answer
  1. Marilee Turscak-MSFT 24,401 Reputation points Microsoft Employee

    Hi @Christopher Norris ,

    I understand that you are are receiving the "not a valid AllXsd value" error when trying to input the DateTimeInUtc.

    This is happening because you are trying to resolve the claim in the AAD Technical Profiles, which cannot be done at this point. You could resolve it at a self asserted step, or rest API step. Otherwise you can use this sample to get the last time the user performed MFA to sign on.

    You can use GetCurrentDateTime to get the current time at login and can use that as an input claim transform as part of your self asserted sign in technical profile.

    There are examples here and here that achieve this. From the Stack Overflow thread, here is an example of using GetCurrentDateTime (full example on the thread) in the ClaimsTransformation:

      <ClaimsTransformation Id="GetSystemDateTime" TransformationMethod="GetCurrentDateTime">  
              <OutputClaim ClaimTypeReferenceId="CurrentTime" TransformationClaimType="currentDateTime" />  

    Let me know if this helps and if you have further questions.


    If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

    0 comments No comments

0 additional answers

Sort by: Most helpful