signuponly-userjourney
##########################################################################
# Overview
##########################################################################
*Technical Profile* *InputClaim (email)* *OutputClaim (email)*
LocalAccountSignUpMultiStep-1 <InputClaim ClaimTypeReferenceId="email"/> <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true"/>
LocalAccountSignUpMultiStep-2 <InputClaim ClaimTypeReferenceId="email"/> —
AAD-UserWriteUsingLogonEmail <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true"/> <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
##########################################################################
# USER JOURNEY (TrustFrameworkExtensions.xml)
##########################################################################
<UserJourney Id="LL-SignUp-Only">
  <!--
    Sign-up-only journey (there is no sign-in step in this journey).
    1. collect and verify the e-mail address
    2. collect password and profile attributes, create the account
    3. re-read the created user by objectId
    4. issue the token
  -->
  <OrchestrationSteps>

    <!-- Step 1: self-asserted page that collects the e-mail address and runs the
         e-mail verification display control. The profile emits "email" only as
         its verified value (PartnerClaimType="Verified.Email"), so later steps
         receive an address that passed verification. -->
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange-Step1"
                        TechnicalProfileReferenceId="LocalAccountSignUpMultiStep-1"/>
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 2: self-asserted page for the password and the additional attributes.
         The verified e-mail from step 1 is passed in as an input claim; the
         account itself is created by this profile's validation technical profiles. -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange-Step2"
                        TechnicalProfileReferenceId="LocalAccountSignUpMultiStep-2"/>
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 3: read the freshly created user by objectId so that any attribute
         the write step did not return is in the claims bag before the token is built. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId"
                        TechnicalProfileReferenceId="AAD-UserReadUsingObjectId-Default"/>
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 4: issue the token through JwtIssuer and return it to the application. -->
    <OrchestrationStep Order="4"
                       Type="SendClaims"
                       CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>

  </OrchestrationSteps>

  <!-- Client definition used when rendering this journey (defined elsewhere). -->
  <ClientDefinition ReferenceId="DefaultWeb"/>
</UserJourney>
##########################################################################
# LocalAccountSignUpMultiStep-1 (SignUpOnly-NotificationTest.xml)
##########################################################################
<TechnicalProfile Id="LocalAccountSignUpMultiStep-1">
  <!-- Step 1 of the sign-up: a self-asserted page whose only job is to obtain a
       verified e-mail address. No account is created here. -->
  <DisplayName>Email signup</DisplayName>

  <!-- Self-asserted provider: renders a page and collects the output claims from the user. -->
  <Protocol Name="Proprietary"
            Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>

  <Metadata>
    <!-- Records the caller's IP address into the "IpAddress" claim for this page
         (useful for auditing the sign-up attempt). Not set on the step-2 profile. -->
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <!-- Page layout used to render this step. -->
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <!-- Button label override. -->
    <Item Key="language.button_continue">Continue</Item>
  </Metadata>

  <CryptographicKeys>
    <!-- Signing key container the self-asserted provider requires as "issuer_secret". -->
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
  </CryptographicKeys>

  <InputClaims>
    <!-- Pre-populates the field if an e-mail is already in the claims bag. -->
    <InputClaim ClaimTypeReferenceId="email"/>
  </InputClaims>

  <DisplayClaims>
    <!-- Display control that performs the e-mail verification (defined elsewhere, not in this gist). -->
    <DisplayClaim DisplayControlReferenceId="emailVerificationControl"/>
  </DisplayClaims>

  <OutputClaims>
    <!-- "email" is taken from the display control's verified value, not from the raw
         text field, and the page cannot be completed without it (Required="true"). -->
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true"/>
    <!-- Starter-pack marker claim recording that a self-asserted page was completed. -->
    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true"/>
  </OutputClaims>
</TechnicalProfile>
##########################################################################
# LocalAccountSignUpMultiStep-2 (TrustFrameworkExtensions.xml)
##########################################################################
<TechnicalProfile Id="LocalAccountSignUpMultiStep-2">
  <!-- Step 2 of the sign-up: collects password and profile attributes, then creates
       and completes the account through the validation technical profiles below. -->
  <DisplayName>Email signup</DisplayName>

  <!-- Self-asserted provider: renders a page and collects the output claims from the user. -->
  <Protocol Name="Proprietary"
            Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>

  <Metadata>
    <!-- Same page layout as step 1. Note that, unlike step 1, no
         IpAddressClaimReferenceId is set for this page. -->
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
  </Metadata>

  <CryptographicKeys>
    <!-- Signing key container the self-asserted provider requires as "issuer_secret". -->
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
  </CryptographicKeys>

  <InputClaims>
    <!-- The verified e-mail from step 1. It is an input claim only (not listed
         under OutputClaims), so this page does not render it as an editable field;
         the address that gets persisted is the one that was verified. -->
    <InputClaim ClaimTypeReferenceId="email"/>
  </InputClaims>

  <OutputClaims>
    <!-- Returned by the validation profiles rather than typed by the user. -->
    <OutputClaim ClaimTypeReferenceId="objectId"/>
    <!-- Password, entered twice; both fields are mandatory. -->
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true"/>
    <!-- Starter-pack marker claim recording that a self-asserted page was completed. -->
    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true"/>
    <!-- Mandatory profile attributes collected on this page. -->
    <OutputClaim ClaimTypeReferenceId="extension_Salutation" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="givenName" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="surname" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="country" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="extension_Company" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="extension_Kundennummer" Required="true"/>
    <!-- Set by AAD-UserWriteUsingLogonEmail once the account exists. -->
    <OutputClaim ClaimTypeReferenceId="authenticationSource"/>
    <OutputClaim ClaimTypeReferenceId="newUser"/>
  </OutputClaims>

  <OutputClaimsTransformations>
    <!-- Builds displayName from givenName/surname (transformation defined elsewhere). -->
    <OutputClaimsTransformation ReferenceId="CreateDisplayNameFromFirstNameAndLastName"/>
  </OutputClaimsTransformations>

  <!-- Run in this order after the user submits the page. The first one creates the
       directory object (and rejects the sign-up if an account with that e-mail
       already exists); the remaining ones update it.
       NOTE(review): should one of the later profiles fail, the account created by
       the first profile already exists in the directory - confirm how a retry of
       the same e-mail is expected to behave. The password is persisted by
       AAD-UserWriteUsingLogonEmail and again by AAD-UserWritePasswordUsingObjectId;
       confirm the second write is intended. -->
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail"/>
    <ValidationTechnicalProfile ReferenceId="Generate-DisplayName"/>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteProfileUsingObjectId"/>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId"/>
  </ValidationTechnicalProfiles>

  <!-- Session management profile used for this step (defined elsewhere). -->
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD"/>
</TechnicalProfile>
##########################################################################
# AAD-UserWriteUsingLogonEmail (TrustFrameworkBase.xml)
##########################################################################
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <!-- Creates the local account in the directory, keyed by the e-mail sign-in name.
       Shared AAD settings come from AAD-Common (included at the bottom). -->
  <Metadata>
    <Item Key="Operation">Write</Item>
    <!-- A sign-up for an e-mail that already has an account fails here instead of
         silently overwriting the existing object. Keep this set to true. -->
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  </Metadata>

  <!-- This profile does not take part in the single sign-on session. -->
  <IncludeInSso>false</IncludeInSso>

  <InputClaims>
    <!-- The verified e-mail becomes the sign-in name used to create/look up the object. -->
    <InputClaim ClaimTypeReferenceId="email"
                PartnerClaimType="signInNames.emailAddress"
                Required="true"/>
  </InputClaims>

  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress"/>
    <!-- The password collected on the step-2 page is written as the account password. -->
    <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
    <!-- Placeholder display name when none is in the claims bag yet. -->
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown"/>
    <!-- Local-account passwords are created without an expiration policy. -->
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies"
                    DefaultValue="DisablePasswordExpiration"/>
    <!-- Optional claims: the profile attributes collected on the step-2 page,
         written as provided by the user. -->
    <PersistedClaim ClaimTypeReferenceId="extension_Salutation"/>
    <PersistedClaim ClaimTypeReferenceId="givenName"/>
    <PersistedClaim ClaimTypeReferenceId="surname"/>
    <PersistedClaim ClaimTypeReferenceId="country"/>
    <PersistedClaim ClaimTypeReferenceId="extension_Company"/>
    <PersistedClaim ClaimTypeReferenceId="extension_Kundennummer"/>
  </PersistedClaims>

  <OutputClaims>
    <!-- Identifier of the created object; later profiles address the user by it. -->
    <OutputClaim ClaimTypeReferenceId="objectId"/>
    <!-- True when the write created a new principal. -->
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated"/>
    <!-- Marks the account as a local (password) account. -->
    <OutputClaim ClaimTypeReferenceId="authenticationSource"
                 DefaultValue="localAccountAuthentication"/>
    <OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
  </OutputClaims>

  <!-- Common directory connection settings (defined elsewhere). -->
  <IncludeTechnicalProfile ReferenceId="AAD-Common"/>
  <!-- Session management profile for this write (defined elsewhere). -->
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD"/>
</TechnicalProfile>