Created
July 2, 2020 11:10
signuponly-userjourney
##########################################################################
# Overview
##########################################################################
*Technical Profile*              *InputClaim*                                                                                        *OutputClaim*
LocalAccountSignUpMultiStep-1    <InputClaim ClaimTypeReferenceId="email"/>                                                          <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true"/>
LocalAccountSignUpMultiStep-2    <InputClaim ClaimTypeReferenceId="email"/>                                                          —
AAD-UserWriteUsingLogonEmail     <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true"/>    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
##########################################################################
# USER JOURNEY (TrustFrameworkExtensions.xml)
##########################################################################
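<!--
  LL-SignUp-Only: sign-up journey for local (email + password) accounts, split over two
  self-asserted pages. Step 1 collects the email address, step 2 collects the password and
  the profile attributes and writes the account, step 3 reads the user back, step 4 issues
  the token.
  Step 2 does not verify the address again: it consumes the "email" claim that step 1
  emitted, so the verification guarantee of the whole journey rests on step 1.
-->
<UserJourney Id="LL-SignUp-Only">
  <OrchestrationSteps>
    <!-- Step 1: first sign-up page (email validation only) -->
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange-Step1"
                        TechnicalProfileReferenceId="LocalAccountSignUpMultiStep-1"/>
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Step 2: second sign-up page (password and additional attributes); this is where the account is written -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange-Step2"
                        TechnicalProfileReferenceId="LocalAccountSignUpMultiStep-2"/>
      </ClaimsExchanges>
    </OrchestrationStep>
    <!--
      Step 3: read the user's attributes from the directory so that claims not collected on
      the sign-up pages are available for the token. AAD-UserReadUsingObjectId-Default is not
      defined in this excerpt; presumably it looks the user up by the objectId that step 2
      outputs (TODO confirm).
    -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId"
                        TechnicalProfileReferenceId="AAD-UserReadUsingObjectId-Default"/>
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Step 4: issue the token and send it to the application (JwtIssuer is defined elsewhere) -->
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb"/>
</UserJourney>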
##########################################################################
# LocalAccountSignUpMultiStep-1 (SignUpOnly-NotificationTest.xml)
##########################################################################
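<!--
  First sign-up page: a self-asserted profile whose only display element is the
  emailVerificationControl display control and whose result is the "email" claim.
  The display control itself is not defined in this excerpt, so whether a verification code
  is actually enforced before "Continue" depends on that definition (TODO confirm).
-->
<TechnicalProfile Id="LocalAccountSignUpMultiStep-1">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary"
            Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
  <Metadata>
    <!-- Presumably names the claim that carries the caller's IP address; the claim type is defined elsewhere -->
    <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
    <!-- Page layout shared with the second sign-up page -->
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
    <!-- Label of the continue button on this page -->
    <Item Key="language.button_continue">Continue</Item>
  </Metadata>
  <CryptographicKeys>
    <!-- Refers to a key container in the tenant by name; no key material is stored in the policy file -->
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
  </CryptographicKeys>
  <InputClaims>
    <!-- Passes any "email" value already in the claims bag into the page -->
    <InputClaim ClaimTypeReferenceId="email"/>
  </InputClaims>
  <DisplayClaims>
    <!-- The verification control is the only thing rendered on this page -->
    <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
  </DisplayClaims>
  <OutputClaims>
    <!--
      The page must return an email address. NOTE(review): Verified.Email is the partner claim
      type of the provider's built-in email verification; with a display control configured as
      well, confirm which of the two mechanisms actually gates this page.
    -->
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true"/>
    <!-- Marker claim recording that the self-asserted page was executed -->
    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true"/>
  </OutputClaims>
</TechnicalProfile>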
##########################################################################
# LocalAccountSignUpMultiStep-2 (TrustFrameworkExtensions.xml)
##########################################################################
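<!--
  Second sign-up page: collects the password and the profile attributes, then creates and
  updates the directory account through the validation technical profiles listed below.
  The email address is taken from the claims bag (set by the first page); it is an input
  claim only and not an output claim, so this page does not appear to let the user change
  it (confirm against the rendered page).
-->
<TechnicalProfile Id="LocalAccountSignUpMultiStep-2">
  <DisplayName>Email signup</DisplayName>
  <Protocol Name="Proprietary"
            Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
  </Metadata>
  <CryptographicKeys>
    <!-- Refers to a key container in the tenant by name; no key material is stored in the policy file -->
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer"/>
  </CryptographicKeys>
  <InputClaims>
    <!-- Address collected on the first page; it is not verified again here -->
    <InputClaim ClaimTypeReferenceId="email"/>
  </InputClaims>
  <OutputClaims>
    <!-- objectId, authenticationSource and newUser are output claims of AAD-UserWriteUsingLogonEmail, not user input -->
    <OutputClaim ClaimTypeReferenceId="objectId"/>
    <!-- Password rules come from the newPassword claim type definition, which is not part of this excerpt -->
    <OutputClaim ClaimTypeReferenceId="newPassword" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true"/>
    <!-- Marker claim recording that the self-asserted page was executed -->
    <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true"/>
    <!-- Profile attributes, all mandatory on this page -->
    <OutputClaim ClaimTypeReferenceId="extension_Salutation" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="givenName" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="surname" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="country" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="extension_Company" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="extension_Kundennummer" Required="true"/>
    <OutputClaim ClaimTypeReferenceId="authenticationSource"/>
    <OutputClaim ClaimTypeReferenceId="newUser"/>
  </OutputClaims>
  <OutputClaimsTransformations>
    <!-- Transformation defined elsewhere; by its name it builds displayName from givenName and surname -->
    <OutputClaimsTransformation ReferenceId="CreateDisplayNameFromFirstNameAndLastName"/>
  </OutputClaimsTransformations>
  <ValidationTechnicalProfiles>
    <!--
      Listed in this order. AAD-UserWriteUsingLogonEmail creates the account and already
      persists newPassword as the password; the three profiles after it are not shown in this
      excerpt. NOTE(review): the account is written by the first profile, so a failure in a
      later one presumably leaves an account behind and a retry then hits
      RaiseErrorIfClaimsPrincipalAlreadyExists; confirm that this is acceptable. Also confirm
      that AAD-UserWritePasswordUsingObjectId is still needed after the first write.
    -->
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail"/>
    <ValidationTechnicalProfile ReferenceId="Generate-DisplayName"/>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteProfileUsingObjectId"/>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId"/>
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD"/>
</TechnicalProfile>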
##########################################################################
# AAD-UserWriteUsingLogonEmail (TrustFrameworkBase.xml)
##########################################################################
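<!--
  Creates the local account in the directory, keyed by the sign-in email address.
  No Protocol element is declared here; it presumably comes from the included AAD-Common
  profile, which is not part of this excerpt.
-->
<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <!--
      Fail the write when an account with this sign-in email already exists. The resulting
      error tells the person signing up that the address is registered; in the journey shown
      on this page it is only reached after the email step, which limits who can observe it,
      provided that step really enforces verification.
    -->
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <!-- The "email" claim is mandatory and is sent to the directory as signInNames.emailAddress -->
    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress"
                Required="true"/>
  </InputClaims>
  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress"/>
    <!-- The password typed on the sign-up page is stored as the account password -->
    <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
    <!-- Written as "unknown" when no displayName claim is present at the time of the write -->
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown"/>
    <!--
      Only DisablePasswordExpiration is set: passwords created here never expire.
      DisableStrongPassword is not listed, so the directory's strong-password rule presumably
      still applies; confirm it matches the rules of the newPassword claim type.
    -->
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies"
                    DefaultValue="DisablePasswordExpiration"/>
    <!-- Optional claims. -->
    <PersistedClaim ClaimTypeReferenceId="extension_Salutation"/>
    <PersistedClaim ClaimTypeReferenceId="givenName"/>
    <PersistedClaim ClaimTypeReferenceId="surname"/>
    <PersistedClaim ClaimTypeReferenceId="country"/>
    <PersistedClaim ClaimTypeReferenceId="extension_Company"/>
    <PersistedClaim ClaimTypeReferenceId="extension_Kundennummer"/>
  </PersistedClaims>
  <OutputClaims>
    <!-- Identifier of the account that was written; later profiles in the journey refer to it -->
    <OutputClaim ClaimTypeReferenceId="objectId"/>
    <!-- newUser is filled from the directory's newClaimsPrincipalCreated result -->
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated"/>
    <OutputClaim ClaimTypeReferenceId="authenticationSource"
                 DefaultValue="localAccountAuthentication"/>
    <OutputClaim ClaimTypeReferenceId="userPrincipalName"/>
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common"/>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD"/>
</TechnicalProfile>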