0

Attempting to find any way (tried endless combinations) to default a value from the initial journey step 1 SelfAssertedAttributeProvider (api.selfasserted) and output into claims bag for downstream usage

  • OutputClaim as default value

    <OutputClaim ClaimTypeReferenceId="EnvironmentId" DefaultValue="12345" AlwaysUseDefaultValue="true" />

I want to use it from the claim bag in the next orchestration step's "SignUp" SelfAssertedAttributeProvider (api.localaccountsignup)

  • InputClaim
  • So that I can ultimately "output" it to the SelfAssertedAttributeProvider ValidationTechnicalProfile as a RestfulProvider as InputClaim to the REST API

I have tried:

  • SelfAssertedAttributeProvider ValidationTechnicalProfile InputClaim/OutputClaim

    <InputClaimClaimTypeReferenceId="EnvironmentId" />

    <OutputClaim ClaimTypeReferenceId="EnvironmentId" />

  • DefaultSSOSessionProvider PersistedClaim

    <PersistedClaim ClaimTypeReferenceId="EnvironmentId" />

Most interesting, I have this working in a completely different policyset -notable difference is I am trying to use the new policyset that uses DisplayClaim and instead of calling REST api via SelfAssertedAttributeProvider ValidationProfile - I am using the input directly to rest via ClaimsExchange step in journey.

felickz
  • 4,292
  • 3
  • 33
  • 37
  • Is your claim being output by a technical profile called by the user journey directly? That is the only way to output a claim to the next orchestration step. – Jas Suri - MSFT Feb 27 '21 at 08:50
  • Thanks your comment gave me confidence i was heading in the right direction :) Assuming the "Sign Up Now" functionality bypasses the initial journey step for ```SelfAssertedAttributeProvider``` as everything attempted there did not work. Turns out i could either default the input claim into the 2nd step of the journey OR back all the way up to the ```RelyingParty TechnicalProfile``` and default there (works best for me). – felickz Mar 01 '21 at 18:23

1 Answers1

1

Assuming the "Sign Up Now" functionality bypasses the initial journey step for SelfAssertedAttributeProvider as everything attempted there did not work.

Instead of attempting to default an OutputClaim, back all the way up to the earliest step in your RelyingParty TechnicalProfile and default as an InputClaim

Example:

    ...
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <InputClaims>
          <InputClaim ClaimTypeReferenceId="EnvironmentId" DefaultValue="12345" />
      </InputClaims>
    ...

The claim is successfully sent in the downstream Journey TechnicalProfile as an Input Claim.

Notable Limitation: cannot default claims via claim resolvers here :(

felickz
  • 4,292
  • 3
  • 33
  • 37