AAD B2C - Mapping SAML Attribute containing True or False to Claim with Boolean Data Type

Question

I am attempting to define an attribute that will be returned by a SAML 2.0 Identity Provider to AAD B2C and handled in a custom policy.

The goal is that the SAML attribute defines a boolean value and that AAD B2C is able to perform logic based on the value of the claim.

The SAML Attribute represents True or False as per the below:

<saml:Attribute Name="http://schemas.custom/claim/booleanexample" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue>True</saml:AttributeValue>
</saml:Attribute>

When attempting to map this SAML Attribute to a claim defined within the Custom Policy ClaimsSchema with a data type of boolean, an error is thrown.

Message in App Insights: "The data type 'String' of claim with id 'http://schemas.custom/claim/booleanexample' does not match the Data Type 'Boolean' of claimType with id 'BooleanExample' specified in the policy."

<ClaimType Id="BooleanExample">
  <DataType>boolean</DataType>
</ClaimType>

I cannot see any mechanism to explicitly define a type for the attribute within SAML (it appears that AttributeValue should be of type xs:any).

I have attempted passing the usual values including 0/1, True/False, true/false with no luck.

Is it really required to handle this with a String claim, and then populate a Boolean claim using a Claims Transformation?

Answer 1

In the event that it helps anyone:

It appears that the claim must be mapped as a string, inspected using a CompareClaimToValue claims transformation that sets a boolean claim with the result of the comparison.

      <ClaimsTransformation Id="CreateBooleanClaimFromString" TransformationMethod="CompareClaimToValue">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="samlBooleanClaimAsString" TransformationClaimType="inputClaim1" />
        </InputClaims>
        <InputParameters>
          <InputParameter Id="compareTo" DataType="string" Value="true" />
          <InputParameter Id="operator" DataType="string" Value="equal" />
          <InputParameter Id="ignoreCase" DataType="string" Value="false" />
        </InputParameters>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="samlBooleanClaimAsBoolean" TransformationClaimType="outputClaim" />
        </OutputClaims>
      </ClaimsTransformation>