
Adding extension attributes to claims when using Azure AD to sign in to Azure B2C


After many tears, I have managed to get Azure AD and Azure B2C working well using the instructions at https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom. However, I cannot get the custom attributes that I have defined to show up in the claims. My sign-up and sign-in policy is below, and I see identityProvider, givenName and surname appear, but not the extension ones. Is this another case of waiting a few hours for B2C to catch up, or is there something else that needs to be added?


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- The namespace declarations, PublicPolicyUri and the closing ">" of the root tag were missing
     from the posted snippet; they are the standard B2C custom-policy header and are restored here
     so the file is well-formed. PublicPolicyUri follows the usual http://<tenant>/<policyId> form. -->
<TrustFrameworkPolicy
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="bcheadev.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signinwithAAD"
  PublicPolicyUri="http://bcheadev.onmicrosoft.com/B2C_1A_signup_signinwithAAD">

  <!-- Inherits the extensions policy, where the claims schema and the AAD technical profiles live. -->
  <BasePolicy>
    <TenantId>bcheadev.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignInUsingBallardChalmers" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <!-- A claim listed here is only emitted if the user journey actually populated it. -->
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="givenName" />
        <OutputClaim ClaimTypeReferenceId="surname" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" />
        <OutputClaim ClaimTypeReferenceId="extension_organisationId" />
        <OutputClaim ClaimTypeReferenceId="extension_heaRole" />
        <OutputClaim ClaimTypeReferenceId="extension_organisationName" />
        <OutputClaim ClaimTypeReferenceId="extension_roleDisplayName" />
      </OutputClaims>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
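For contrast, here is the kind of fragment the base policy referenced above (B2C_1A_TrustFrameworkExtensions) normally needs before a relying party can emit extension_* claims at all; this is an added illustration, not the poster's file and not code from the linked Microsoft article. It assumes the B2C starter-pack profile IDs AAD-Common, AAD-UserWriteUsingAlternativeSecurityId and AAD-UserReadUsingObjectId, and the GUIDs are placeholders for the tenant's b2c-extensions-app.

```xml
<!-- Added illustration (not the poster's policy): an extension claim must be declared,
     persisted by the write profile and emitted by the read profile, or the relying party
     has nothing to output. Profile IDs are starter-pack names; GUIDs are placeholders. -->
<BuildingBlocks>
  <ClaimsSchema>
    <!-- One ClaimType per attribute; the Id must match the relying-party OutputClaim. -->
    <ClaimType Id="extension_organisationId">
      <DisplayName>Organisation id</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
    <ClaimType Id="extension_heaRole">
      <DisplayName>HEA role</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
    <!-- extension_organisationName and extension_roleDisplayName are declared the same way. -->
  </ClaimsSchema>
</BuildingBlocks>
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <!-- Binds the directory profiles to the extensions app that owns the attributes. -->
      <TechnicalProfile Id="AAD-Common">
        <Metadata>
          <Item Key="ApplicationObjectId">00000000-0000-0000-0000-000000000000</Item>
          <Item Key="ClientId">00000000-0000-0000-0000-000000000000</Item>
        </Metadata>
      </TechnicalProfile>
      <!-- Written for a federated (AAD) user at sign-up, if the journey has populated them. -->
      <TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
        <PersistedClaims>
          <PersistedClaim ClaimTypeReferenceId="extension_organisationId" />
          <PersistedClaim ClaimTypeReferenceId="extension_heaRole" />
        </PersistedClaims>
      </TechnicalProfile>
      <!-- Final directory read of the journey: values come from the B2C directory, not from
           the federated token, which is what makes them usable for authorisation decisions. -->
      <TechnicalProfile Id="AAD-UserReadUsingObjectId">
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="extension_organisationId" />
          <OutputClaim ClaimTypeReferenceId="extension_heaRole" />
          <OutputClaim ClaimTypeReferenceId="extension_organisationName" />
          <OutputClaim ClaimTypeReferenceId="extension_roleDisplayName" />
        </OutputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

A quick check after uploading: run the policy with "Run now" and inspect the id_token; an extension claim that is still absent points at a step that never read it, not at a propagation delay.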