Custom policy
Hi, I want to redirect the user to a custom page immediately after sign in (this new custom page will have a Continue button and some HTML controls like a dropdown where the user can select a value). On this Continue click it should redirect back to the application with all claims, including the 2nd page value which is selected in the dropdown.
In short, the flow should be: Application --> Login --> redirect to AD B2C login page (custom page stored in blob storage) --> login success --> redirect to 2nd page (configured using Azure and stored in blob storage) --> selects dropdown and clicks Continue --> redirect to application callback URL with all claims.
Can you please help?
You should just need another Self Asserted technical profile in your policy and journey.
Thank you Brad, but can you explain in detail, as I have not done anything like this before? I have created a custom policy and uploaded the XMLs. In extension.xml I have updated LoadUri with my sign-in page blob storage URL. Now on successful login it is redirecting to my application. What needs to be added or updated in the XML? I am pasting the extension XML here. I have changed the URL of `<ContentDefinition Id="api.signuporsignin">`:
```xml
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId=".onmicrosoft.com" PolicyId="B2C_1A_TrustFrameworkExtensions" PublicPolicyUri="http://.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
  <BuildingBlocks>
    <ContentDefinitions>
      <!-- This content definition is to render an error page that displays unhandled errors. -->
      <ContentDefinition Id="api.error">
        <LoadUri>~/tenant/templates/AzureBlue/exception.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Error page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.idpselections">
        <LoadUri>~/tenant/templates/AzureBlue/idpSelector.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Idp selection page</Item>
          <Item Key="language.intro">Sign in</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.idpselections.signup">
        <LoadUri>~/tenant/templates/AzureBlue/idpSelector.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Idp selection page</Item>
          <Item Key="language.intro">Sign up</Item>
        </Metadata>
      </ContentDefinition>
      <!-- Sign-in page: LoadUri changed to the custom page in blob storage -->
      <ContentDefinition Id="api.signuporsignin">
        <LoadUri>https://adcustomlogin.blob.core.windows.net/adblobcontainer/ocean_blue/unified.html</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Signin and Signup</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.selfasserted">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Collect information from user page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.selfasserted.profileupdate">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Collect information from user page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.localaccountsignup">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Local account sign up page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.localaccountpasswordreset">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
        <Metadata>
          <Item Key="DisplayName">Local account change password page</Item>
        </Metadata>
      </ContentDefinition>
    </ContentDefinitions>
  </BuildingBlocks>
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Local Account SignIn</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="login-NonInteractive">
          <Metadata>
            <Item Key="client_id">a19f4fc2-bc8b-4968-a4f7-8cdbd4a5dabc</Item>
            <Item Key="IdTokenAudience">493e62bc-6164-4cbf-983f-6c4c7f54cfb0</Item>
          </Metadata>
          <InputClaims>
            <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="a19f4fc2-bc8b-4968-a4f7-8cdbd4a5dabc" />
            <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="493e62bc-6164-4cbf-983f-6c4c7f54cfb0" />
          </InputClaims>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <!--UserJourneys>
  </UserJourneys-->
</TrustFrameworkPolicy>
```
Thank you @yogirajdeshpande - Once a person makes the leap from User Flows to Custom Policies, it is normal to be a bit intimidated. I recommend that you start with Microsoft's documentation on Getting Started with Custom Policies.
In addition, some things that helped me jump over that learning barrier:
- Using Visual Studio Code, and the community extension developed under this org: `azureadb2ctools.aadb2c`.
- Review the Samples that are in this repository, to learn the various ways to tackle your needs.
- Leverage www.jwt.ms to test and debug the resulting OpenID Connect JWT Tokens
- Adding Application Insights to your custom policies
At the end of the day, you will need multiple Self Asserted profiles that will display and collect the information in claims.
I will try to put together a sample at some point, but I cannot currently commit to a timeframe on that.
@yogirajdeshpande - One sample in particular that might be helpful, would be here:
https://github.com/azure-ad-b2c/samples/tree/master/policies/progressive-profile
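
The approach suggested in this thread (one more self-asserted technical profile, added to the journey), sketched as an added example that is not from the thread or the samples repository. The claim name `selectedRegion` and its values, the ids `api.selfasserted.selectregion`, `SelfAsserted-SelectRegion` and `SelectRegionExchange`, the storage URL and the step numbers are assumptions; `SM-Noop` and `JwtIssuer` are assumed to be defined in the starter pack base policy.

```xml
<!-- 1. BuildingBlocks > ClaimsSchema: claim filled by the dropdown (hypothetical name and values) -->
<ClaimType Id="selectedRegion">
  <DisplayName>Region</DisplayName>
  <DataType>string</DataType>
  <UserInputType>DropdownSingleSelect</UserInputType>
  <Restriction>
    <Enumeration Text="Europe" Value="eu" SelectByDefault="true" />
    <Enumeration Text="North America" Value="na" />
  </Restriction>
</ClaimType>

<!-- 2. BuildingBlocks > ContentDefinitions: the second page, loaded from blob storage (placeholder URL) -->
<ContentDefinition Id="api.selfasserted.selectregion">
  <LoadUri>https://YOUR_STORAGE_ACCOUNT.blob.core.windows.net/YOUR_CONTAINER/select-region.html</LoadUri>
  <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
  <DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>
  <Metadata>
    <Item Key="DisplayName">Select region page</Item>
  </Metadata>
</ContentDefinition>

<!-- 3. ClaimsProviders: self-asserted profile that renders the page and outputs the claim -->
<ClaimsProvider>
  <DisplayName>Self Asserted</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-SelectRegion">
      <DisplayName>Select region</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="ContentDefinitionReferenceId">api.selfasserted.selectregion</Item>
      </Metadata>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="selectedRegion" Required="true" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 4. UserJourney: new step after sign-in, directly before SendClaims (Order values assumed; renumber to fit) -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="SelectRegionExchange" TechnicalProfileReferenceId="SelfAsserted-SelectRegion" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="5" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />

<!-- 5. RelyingParty > TechnicalProfile > OutputClaims: emit the value in the token -->
<OutputClaim ClaimTypeReferenceId="selectedRegion" />
```

The HTML file behind the `LoadUri` needs an empty `<div id="api"></div>` for B2C to inject the dropdown into, and the storage account needs the same CORS configuration as the custom sign-in page. The resulting claim is self-asserted by the user, so the application should validate it like any other user input before relying on it.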