This is the situation, Azure AD B2C custom policy: there are 2 types of passwords for my users, LongTermPasswords and temporary passwords. Long-term passwords must have at least 12 characters, and they follow a regular expression. Temporary passwords have at most 11 characters, and they don't follow a regular expression.

This is the algorithm so far:

if password matches regex => is long-term password
if password doesn't match regex => is temporary password

It is very important to know if the password is long-term or temporary (a temporary password must follow a different flow). So I have created the following ClaimsTransformation:
<ClaimsTransformation Id="CheckIfLongTermPwd" TransformationMethod="SetClaimsIfRegexMatch">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="password" TransformationClaimType="claimToMatch" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="__pwdRegEx__" />
    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="password" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="copiedPassword" TransformationClaimType="outputClaim" />
    <OutputClaim ClaimTypeReferenceId="isLongTermPwd" TransformationClaimType="regexCompareResultClaim" />
  </OutputClaims>
</ClaimsTransformation>
From the basic claims, password is defined as usual:
<ClaimType Id="password">
  <DisplayName>Password</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>Enter password</UserHelpText>
  <UserInputType>Password</UserInputType>
</ClaimType>
And then it breaks in the technical profile "LocalAccountSignUpWithLogonEmail", when I call the output claim transformation CheckIfLongTermPwd.
However, with a little debugging, I found out that if Password in password is String, it works, but unfortunately the user can see the password when he/she is typing it.
Any ideas on how to solve this?