
Below are my two Orchestration Steps, TechnicalProfiles, ClaimsTransformation and ClaimType. In Step 1 of the Orchestration Steps, the user sees a TextBox to enter their username. After entering their username, they can press the Continue button to move on to Step 2.

At this time, prior to going to Step 2, behind the scenes, the TechnicalProfile "SelfAsserted-LocalAccountLookup-SigninName" is run. This profile takes the user input for the SignInName and creates a ReadOnly ClaimType for the SignInName.

The trouble I am having is that when I am passing the 'readOnlySignInName' ClaimType to Step 2's Technical Profile as the Input type, it is not actually passing the 'readOnlySignInName' but the signInName field.

Here is my confirmation inside Application Insights: I purposefully concatenate 'Hello' so that I can differentiate the ClaimType and see whether I have successfully passed the ReadOnly ClaimType or not.

    "Complex-CLMS": {
      "signInName": "someUser",
      "isEmailBoolean": "False",
      "readOnlySignInName": "someUserHello"
    },

    <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange">
            <ClaimsExchanges>
                <ClaimsExchange Id="LocalAccountSignUp"
                    TechnicalProfileReferenceId="SelfAsserted-LocalAccountLookup-SigninName" />
            </ClaimsExchanges>
        </OrchestrationStep>

        <OrchestrationStep Order="2" Type="CombinedSignInAndSignUp"
            ContentDefinitionReferenceId="api.signuporsignin">
            <ClaimsProviderSelections>
                <ClaimsProviderSelection
                    ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
                <ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
            </ClaimsProviderSelections>
            <ClaimsExchanges>
                <ClaimsExchange Id="LocalAccountSigninEmailExchange"
                    TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin" />
            </ClaimsExchanges>
        </OrchestrationStep>

Image of what the user sees in Step 1: [image]

Image of what the user sees in Step 2: [image]

This is the first TechnicalProfile, from Step 1. It takes in the SignInName, transforms it into a ReadOnlySignInName and returns it as an Output.

    <TechnicalProfile Id="SelfAsserted-LocalAccountLookup-SigninName">
        <Metadata>
            <Item Key="setting.showCancelButton">false</Item>
            <Item Key="setting.showSignupLink">false</Item>
            <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
            <Item Key="language.button_continue">Next</Item>
        </Metadata>
        <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="isEmailBoolean" />
            <OutputClaim ClaimTypeReferenceId="objectId" />
        </OutputClaims>
        <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CopySignInNameToReadOnlySignInName" />
        </OutputClaimsTransformations>
        <ValidationTechnicalProfiles>
            <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingIdentifier" />
            <ValidationTechnicalProfile ReferenceId="regexAnalysisUsername" />
        </ValidationTechnicalProfiles>
        <IncludeTechnicalProfile
            ReferenceId="SelfAsserted-LocalAccountLookup" />
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
    </TechnicalProfile>

This is where the SignInName gets transformed and has 'Hello' concatenated to it, just for testing, to make it visually easy to see whether I am correctly passing the data.

    <ClaimsTransformation Id="CopySignInNameToReadOnlySignInName"
        TransformationMethod="FormatStringClaim">
        <InputClaims>
            <InputClaim ClaimTypeReferenceId="signInName"
                TransformationClaimType="inputClaim" />
        </InputClaims>
        <InputParameters>
            <InputParameter Id="stringFormat" DataType="string" Value="{0}Hello" />
        </InputParameters>
        <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="readOnlySignInName"
                TransformationClaimType="outputClaim" />
        </OutputClaims>
    </ClaimsTransformation>

This is the TechnicalProfile being run in my 2nd step. I have the InputClaim here for the ReadOnlySignInName, but it doesn't seem to be picked up.

    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin">
        <Metadata>
            <Item Key="setting.forgotPasswordLinkOverride">ForgotPasswordExchange</Item>
            <Item Key="DefaultMessage">Invalid Password.</Item>
        </Metadata>
        <InputClaims>
            <InputClaim ClaimTypeReferenceId="readOnlySignInName"
                Required="true" />
        </InputClaims>
        <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
            <OutputClaim ClaimTypeReferenceId="forceChangePasswordNextLogin" />
        </OutputClaims>
    </TechnicalProfile>

The example I've tried to follow was from B2C github page: https://github.com/azure-ad-b2c/samples/blob/master/policies/mfa-email-or-phone/policy/SignUpOrSignin_PhoneOrEmailMFA.xml

I am not understanding why my ReadOnly attribute is not being passed over to Orchestration Step 2 and showing up as a non-editable field on the Sign In page. Could you guide me on what I am doing incorrectly?
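As an added example (not part of the question, and not code from Microsoft's B2C samples), a small Python audit that parses the policy fragments posted above and reports which InputClaims of the step 2 profile are never written by the step 1 profile or the ClaimsTransformations it references. The embedded XML is a constructed, trimmed copy of the question's fragments wrapped in a single root so they parse as one document.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two TechnicalProfiles and the ClaimsTransformation
# from the question, trimmed and wrapped in one root so they parse together.
POLICY_FRAGMENT = """<Root>
  <TechnicalProfile Id="SelfAsserted-LocalAccountLookup-SigninName">
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="isEmailBoolean" />
      <OutputClaim ClaimTypeReferenceId="objectId" />
    </OutputClaims>
    <OutputClaimsTransformations>
      <OutputClaimsTransformation ReferenceId="CopySignInNameToReadOnlySignInName" />
    </OutputClaimsTransformations>
  </TechnicalProfile>
  <ClaimsTransformation Id="CopySignInNameToReadOnlySignInName" TransformationMethod="FormatStringClaim">
    <InputClaims><InputClaim ClaimTypeReferenceId="signInName" TransformationClaimType="inputClaim" /></InputClaims>
    <OutputClaims><OutputClaim ClaimTypeReferenceId="readOnlySignInName" TransformationClaimType="outputClaim" /></OutputClaims>
  </ClaimsTransformation>
  <TechnicalProfile Id="SelfAsserted-LocalAccountSignin">
    <InputClaims><InputClaim ClaimTypeReferenceId="readOnlySignInName" Required="true" /></InputClaims>
    <OutputClaims><OutputClaim ClaimTypeReferenceId="userPrincipalName" /></OutputClaims>
  </TechnicalProfile>
</Root>"""

ROOT = ET.fromstring(POLICY_FRAGMENT)

def _profile(root, profile_id):
    tp = root.find(f".//TechnicalProfile[@Id='{profile_id}']")
    if tp is None:
        raise KeyError(f"no TechnicalProfile with Id={profile_id!r}")
    return tp

def produced_claims(root, profile_id):
    """Claims the profile writes to the claims bag: its own OutputClaims plus the
    OutputClaims of every ClaimsTransformation listed under OutputClaimsTransformations."""
    tp = _profile(root, profile_id)
    claims = {c.get("ClaimTypeReferenceId") for c in tp.iterfind("OutputClaims/OutputClaim")}
    for ref in tp.iterfind("OutputClaimsTransformations/OutputClaimsTransformation"):
        ct = root.find(f".//ClaimsTransformation[@Id='{ref.get('ReferenceId')}']")
        if ct is not None:
            claims |= {c.get("ClaimTypeReferenceId") for c in ct.iterfind("OutputClaims/OutputClaim")}
    return claims

def consumed_claims(root, profile_id):
    """Claims the profile expects to find in the claims bag (its InputClaims)."""
    return {c.get("ClaimTypeReferenceId")
            for c in _profile(root, profile_id).iterfind("InputClaims/InputClaim")}

def unsatisfied_inputs(root, producer_id, consumer_id):
    """InputClaims of the consumer that the earlier producer profile never writes."""
    return consumed_claims(root, consumer_id) - produced_claims(root, producer_id)

if __name__ == "__main__":
    print(unsatisfied_inputs(ROOT, "SelfAsserted-LocalAccountLookup-SigninName", "SelfAsserted-LocalAccountSignin"))
```

Run against a full policy file, this same walk can be extended to check every consecutive pair of orchestration steps instead of the single pair shown here.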
