Home

Adding extension attributes to claims when using Azure AD to sign in to Azure B2C

%3CLINGO-SUB%20id%3D%22lingo-sub-184135%22%20slang%3D%22en-US%22%3EAdding%20extension%20attributes%20to%20claims%20when%20using%20Azure%20AD%20to%20sign%20in%20to%20Azure%20B2C%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-184135%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20many%20tears%2C%20I%20have%20managed%20to%20get%20Azure%20AD%20and%20Azure%20B2C%20working%20well%20using%20the%20instructions%20at%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-b2c%2Factive-directory-b2c-setup-aad-custom%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory-b2c%2Factive-directory-b2c-setup-aad-custom%3C%2FA%3E.%20However%2C%26nbsp%3BI%20cannot%20get%20the%20custom%20attributes%20that%20I%20have%20defined%20to%20show%20up%20in%20the%20claims.%20My%20signup%20and%20sign%20in%20policy%20is%20below%20and%20I%20see%20identityProvider%2C%20givenName%20and%20surname%20appear%20but%20not%20the%20extension%20ones.%20Is%20this%20another%20case%20of%20waiting%20a%20few%20hours%20for%20B2C%20to%20catch%20up%20or%20is%20there%20something%20else%20needed%20to%20be%20added%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%3C%2FSPAN%3E%3CSPAN%3Exml%3C%2FSPAN%3E%3CSPAN%3Eversion%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%221.0%22%3C%2FSPAN%3E%3CSPAN%3Eencoding%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22UTF-8%22%3C%2FSPAN%3E%3CSPAN%3Estandalone%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22yes%22%3C%2FSPAN%3E%3CSPAN%3E%3F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3ETrustFrameworkPolicy%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Exmlns%3Axsi%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance%3C%2FA%3E%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Exmlns%3Axsd%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema%3C%2FA%3E%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3Exmlns%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22http%3A%2F%2Fschemas.microsoft.com%2Fonline%2Fcpim%2Fschemas%2F2013%2F06%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fschemas.microsoft.com%2Fonline%2Fcpim%2Fschemas%2F2013%2F06%3C%2FA%3E%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EPolicySchemaVersion%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%220.3.0.0%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3ETenantId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22bcheadev.onmicrosoft.com%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EPolicyId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22B2C_1A_signup_signinwithAAD%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3EPublicPolicyUri%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22%3CA%20href%3D%22http%3A%2F%2Fbcheadev.onmicrosoft.com%2FB2C_1A_signup_signinwithAAD%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fbcheadev.onmicrosoft.com%2FB2C_1A_signup_signinwithAAD%3C%2FA%3E%22%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EBasePolicy%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3ETenantId%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3CSPAN%3Ebcheadev.onmicrosoft.com%3C%2FSPAN%3E%3CSPAN%3E%3CSPAN%3ETenantId%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EPolicyId%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3CSPAN%3EB2C_1A_TrustFrameworkExtensions%3C%2FSPAN%3E%3CSPAN%3E%3CSPAN%3EPolicyId%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%3CSPAN%3EBasePolicy%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3ERelyingParty%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EDefaultUserJourney%3C%2FSPAN%3E%3CSPAN%3EReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22SignUpOrSignInUsingBallardChalmers%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3ETechnicalProfile%3C%2FSPAN%3E%3CSPAN%3EId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22PolicyProfile%22%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EDisplayName%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3CSPAN%3EPolicyProfile%3C%2FSPAN%3E%3CSPAN%3E%3CSPAN%3EDisplayName%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EProtocol%3C%2FSPAN%3E%3CSPAN%3EName%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22OpenIdConnect%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaims%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22displayName%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22givenName%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22surname%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22email%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22objectId%22%3C%2FSPAN%3E%3CSPAN%3EPartnerClaimType%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22sub%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22identityProvider%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22extension_organisationId%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22extension_heaRole%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22extension_organisationName%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3EOutputClaim%3C%2FSPAN%3E%3CSPAN%3EClaimTypeReferenceId%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22extension_roleDisplayName%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%3CSPAN%3EOutputClaims%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%26lt%3B%3C%2FSPAN%3E%3CSPAN%3ESubjectNamingInfo%3C%2FSPAN%3E%3CSPAN%3EClaimType%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%22sub%22%3C%2FSPAN%3E%3CSPAN%3E%2F%26gt%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%3CSPAN%3ETechnicalProfile%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%3CSPAN%3ERelyingParty%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%3CSPAN%3ETrustFrameworkPolicy%3C%2FSPAN%3E%3CSPAN%3E%26gt%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-184135%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EA%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%20B2C%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Deleted
Not applicable

After many tears, I have managed to get Azure AD and Azure B2C working well using the instructions at https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom. However, I cannot get the custom attributes that I have defined to show up in the claims. My signup and sign in policy is below and I see identityProvider, givenName and surname appear but not the extension ones. Is this another case of waiting a few hours for B2C to catch up or is there something else needed to be added?

 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy
PolicySchemaVersion="0.3.0.0"
TenantId="bcheadev.onmicrosoft.com"
PolicyId="B2C_1A_signup_signinwithAAD"

<BasePolicy>
<TenantId>bcheadev.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
</BasePolicy>

<RelyingParty>
<DefaultUserJourney ReferenceId="SignUpOrSignInUsingBallardChalmers" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="displayName" />
<OutputClaim ClaimTypeReferenceId="givenName" />
<OutputClaim ClaimTypeReferenceId="surname" />
<OutputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
<OutputClaim ClaimTypeReferenceId="identityProvider" />
<OutputClaim ClaimTypeReferenceId="extension_organisationId" />
<OutputClaim ClaimTypeReferenceId="extension_heaRole" />
<OutputClaim ClaimTypeReferenceId="extension_organisationName" />
<OutputClaim ClaimTypeReferenceId="extension_roleDisplayName" />
</OutputClaims>
<SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies