How can I return the PolicyId Claim after executin

I would like the policyId to be included in the claims that are returned when my Customized SignUpSignIn policy is executed.

I think this should be in claim Id tfp.

There is an article on how to do this.

In the section "Setting claim representing policy ID" it says to include the key AuthenticationContextReferenceClaimPattern in the "Token Issuer" ClaimsProvider override.

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Token Issuer</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="JwtIssuer">
        <Metadata>
          .....
          <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
        </Metadata>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>

And then you have to add the trustFrameworkPolicy in your outputClaims. I think like this:

<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="givenName" />
      <OutputClaim ClaimTypeReferenceId="surname" />
      ......
      <OutputClaim ClaimTypeReferenceId="trustFrameworkPolicy" Required="true" DefaultValue="{policy}" />
    </OutputClaims>
  <SubjectNamingInfo ClaimType="sub" />
</TechnicalProfile>

But when I upload this Custom Policy file an error is displayed:

"Policy "B2C_1A_xxxx" of tenant "yyyyy.onmicrosoft.com" makes a reference to ClaimType with id "trustframeworkPolicy" but neither the policy nor any of its base policies contain such an element."

Meaning it can't find the ClaimTypeReferenceId: "trustFrameworkPolicy".

Do I have to add a claim definition of the ClaimType "trustframeworkPolicy"? in the ClaimsSchema?

If so: What's it like?

回答1:

Add the following ClaimType to TrustFrameworkExtensions.xml:

<ClaimType Id="trustFrameworkPolicy">
    <DisplayName>Trust Framework Policy</DisplayName>
    <DataType>string</DataType>
    <DefaultPartnerClaimTypes>
        <Protocol Name="OAuth2" PartnerClaimType="tfp" />
        <Protocol Name="OpenIdConnect" PartnerClaimType="tfp" />
    </DefaultPartnerClaimTypes>
</ClaimType>

Note: ClaimType should be a child node of <ClaimsSchema><BuildingBlocks>

回答2:

The PolicyId is in the ACR claim when using the Starter Pack