SOLVED

Azure B2C and being able to use email/emails attribute from the claim

Deleted
Not applicable

Hi,

We're currently working through using Azure B2C as an IdP for Identity Server 4.0 as a federation gateway and then to ADFS to access an internal relying party trust configured for a specific use case. We've got all of the configuration in place but we're having an issue with trying to get the email attribute from the B2C token flowing through as expected.

 

In Azure B2C, this comes through via the claim attribute "emails" as it's a string collection type, and we have spent hours running through various options from online ideas to no avail.

 

Thanks in advance if anyone has any ideas on this issue.

1 Reply
Solution

Luckily this issue is now resolved as using the Identity Server Profile Service http://docs.identityserver.io/en/release/reference/profileservice.html allowed for us to "Transform" the incoming claims attribute "emails" to be sent through in the JWT as "email" as required.
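
The transformation described in the reply, as an added example that is not the poster's own code: an IdentityServer4 `IProfileService` that reads the B2C `emails` collection from the signed-in subject and issues a single `email` claim. The class name `B2CEmailProfileService` is hypothetical, and the example assumes the external-login callback has already copied the B2C claims onto the local sign-in.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical class name; not taken from the original thread.
public class B2CEmailProfileService : IProfileService
{
    private const string B2CEmailsClaim = "emails";

    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Assumption: the B2C claims were persisted at external sign-in, so they
        // are on context.Subject. A JSON string array in the B2C token typically
        // arrives as one "emails" claim per array element.
        var emails = context.Subject.FindAll(B2CEmailsClaim)
            .Select(c => c.Value?.Trim())
            .Where(v => !string.IsNullOrEmpty(v))
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();

        // Issue exactly one "email" claim so downstream relying parties (ADFS in
        // the thread's setup) never see an ambiguous, multi-valued identity.
        // This adds the claim regardless of requested scopes; filter with
        // context.RequestedClaimTypes if it should only follow the email scope.
        if (emails.Count > 0 &&
            !context.IssuedClaims.Any(c => c.Type == JwtClaimTypes.Email))
        {
            context.IssuedClaims.Add(new Claim(JwtClaimTypes.Email, emails[0]));
        }

        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        // Assumption: a pure federation gateway with no local user store to consult.
        context.IsActive = true;
        return Task.CompletedTask;
    }
}

// Registration in Startup.ConfigureServices:
// services.AddIdentityServer().AddProfileService<B2CEmailProfileService>();
```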