SOLVED
Home

Azure B2C and being able to use email/emails attribute from the claim

%3CLINGO-SUB%20id%3D%22lingo-sub-167058%22%20slang%3D%22en-US%22%3EAzure%20B2C%20and%20being%20able%20to%20use%20email%2Femails%20attribute%20from%20the%20claim%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167058%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%0A%3CP%3EWe're%20currently%20working%20through%20using%20Azure%20B2C%20as%20an%20IdP%20for%20Identity%20Server%204.0%20as%20a%20federation%20gateway%20and%20then%20to%20ADFS%20to%20access%20an%20internal%20relying%20party%20trust%20configured%20for%20a%20specific%20use%20case.%20We've%20got%20all%20of%20the%20configuration%20in%20place%20but%20we're%20having%20issue%20with%20trying%20to%20get%20the%20email%20attribute%20from%20the%20B2C%20token%20flowing%20through%20as%20expected.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20Azure%20B2C%2C%20this%20comes%20through%20via%20the%20claim%20attribute%20%22emails%22%20as%20it's%20a%20string%20collection%20type%20and%20have%20spent%20hours%20running%20through%20various%20options%20from%20online%20ideas%20to%20no%20avail.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20in%20advance%20if%20anyone%20has%20any%20idea's%20on%20this%20issue.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-167058%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%20B2C%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167670%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20B2C%20and%20being%20able%20to%20use%20email%2Femails%20attribute%20from%20the%20claim%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167670%22%20slang%3D%22en-US%22%3E%3CP%3ELuckily%20this%20issue%20is%20now%20resolved%20as%20using%20the%20Identity%20Server%20Profile%20Service%20%3CA%20href%3D%22http%3A%2F%2Fdocs.identityserver.io%2Fen%2Frelease%2Freference%2Fprofileservice.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fdocs.identityserver.io%2Fen%2Frelease%2Freference%2Fprofileservice.html%3C%2FA%3E%20allowed%20for%20us%20to%20%22Transform%22%20the%20incoming%20claims%20attribute%20%22emails%22%20to%20be%20sent%20through%20in%20the%20JWT%20as%20%22email%22%20as%20required.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Deleted
Not applicable

Hi,

We're currently working through using Azure B2C as an IdP for Identity Server 4.0 as a federation gateway and then to ADFS to access an internal relying party trust configured for a specific use case. We've got all of the configuration in place but we're having issue with trying to get the email attribute from the B2C token flowing through as expected.

 

In Azure B2C, this comes through via the claim attribute "emails" as it's a string collection type and have spent hours running through various options from online ideas to no avail.

 

Thanks in advance if anyone has any idea's on this issue.

1 Reply
Solution

Luckily this issue is now resolved as using the Identity Server Profile Service http://docs.identityserver.io/en/release/reference/profileservice.html allowed for us to "Transform" the incoming claims attribute "emails" to be sent through in the JWT as "email" as required.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies