Account Linking example needs to be updated to use alternativeSecurityId


It seems that the account linking example is now out of date. It refers to the userIdentities claim being of type userIdentityCollection, which it now is not. Instead, any references to UserIdentity and UserIdentityCollection are now AlternativeSecurityId and AlternativeSecurityIdCollection. This change seems to be spread across a few different docs, i.e. how to link is in this repo, but how to use alternativeSecurityId with respect to linking and claim transformations is found elsewhere.

If I have time to change these samples and test them, which is unlikely, then I will. Otherwise, for those who need to know what to do, I’ll outline the steps below.

I have had to refactor the account linking example to use, in all policies that reference them, the following:

  • identityProvider in place of issuer
  • alternativeSecurityId in place of userIdentity
  • alternativeSecurityIdCollection in place of userIdentityCollection
  • alternativeSecurityIds in place of userIdentities

Also, the transformations that relate to modifying and creating userIdentity now need to refer to alternativeSecurityId, as follows:

      <ClaimsTransformation Id="CreateUserIdentity" TransformationMethod="CreateAlternativeSecurityId">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key" />
          <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="identityProvider" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />
        </OutputClaims>
      </ClaimsTransformation>

      <ClaimsTransformation Id="CreateUserIdentityToLink" TransformationMethod="CreateAlternativeSecurityId">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="issuerUserIdToLink" TransformationClaimType="key" />
          <InputClaim ClaimTypeReferenceId="identityProviderToLink" TransformationClaimType="identityProvider" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="userIdentityToLink" TransformationClaimType="alternativeSecurityId" />
        </OutputClaims>
      </ClaimsTransformation>

      <ClaimsTransformation Id="AppendUserIdentity" TransformationMethod="AddItemToAlternativeSecurityIdCollection">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="item" />
          <InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </OutputClaims>
      </ClaimsTransformation>

      <ClaimsTransformation Id="AppendUserIdentityToLink" TransformationMethod="AddItemToAlternativeSecurityIdCollection">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="userIdentityToLink" TransformationClaimType="item" />
          <InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </OutputClaims>
      </ClaimsTransformation>

      <ClaimsTransformation Id="RemoveUserIdentityFromCollectionByIssuer" TransformationMethod="RemoveAlternativeSecurityIdByIdentityProvider">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="identityProviderToUnlink" TransformationClaimType="identityProvider" />
          <InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="collection" />
        </OutputClaims>
      </ClaimsTransformation>

      <ClaimsTransformation Id="ExtractIdentityProviders" TransformationMethod="GetIdentityProvidersFromAlternativeSecurityIdCollectionTransformation">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="alternativeSecurityIds" TransformationClaimType="alternativeSecurityIdCollection" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="identityProviders" TransformationClaimType="identityProvidersCollection" />
        </OutputClaims>
      </ClaimsTransformation>

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:1
  • Comments:16 (5 by maintainers)

Top GitHub Comments

iamkoch commented, May 1, 2019 (4 reactions)

I’ve added these for others who have hit the same issues as me.

xinaxu commented, May 30, 2019 (1 reaction)

@filipemiguelaugusto Looks like you have commented out AddItemToUserIdentityCollection. Your policy is mixing AlternativeSecurityId and UserIdentity; for example, CreateAlternativeSecurityId is expecting a claim type of data type AlternativeSecurityId but your alternativeSecurityId is of type userIdentity. I would suggest renaming all your claim types and transformations to alternativeSecurityId and making sure there are no UserIdentities appearing in the policy.

      <ClaimType Id="alternativeSecurityId">
        <DisplayName>userIdentity</DisplayName>
        <DataType>userIdentity</DataType>
        <AdminHelpText>userIdentity</AdminHelpText>
        <UserHelpText>userIdentity</UserHelpText>
      </ClaimType>

      <ClaimsTransformation Id="CreateUserIdentity" TransformationMethod="CreateAlternativeSecurityId">
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key" />
          <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="identityProvider" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />
        </OutputClaims>
      </ClaimsTransformation>
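
The mixed-type problem described in the comment above can be caught before a policy is uploaded. The following is an added example, not code from the issue or from the samples repository: a small linter that flags legacy `userIdentity` data types, legacy `UserIdentity` transformation methods, and `AlternativeSecurityId` transformations that reference a claim still declared with a legacy type. The function name `lint_policy`, the rule labels and the `<Policy>` wrapper in the constructed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Legacy names that, per the issue, must no longer appear in the policy.
LEGACY_DATA_TYPES = {"userIdentity", "userIdentityCollection"}
LEGACY_MARKER = "UserIdentity"        # e.g. AddItemToUserIdentityCollection
NEW_MARKER = "AlternativeSecurityId"  # e.g. CreateAlternativeSecurityId

# Constructed sample: the mismatch from the comment, wrapped in a root element.
SAMPLE_POLICY = """<Policy>
<ClaimType Id="alternativeSecurityId"><DataType>userIdentity</DataType></ClaimType>
<ClaimsTransformation Id="CreateUserIdentity" TransformationMethod="CreateAlternativeSecurityId">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />
  </OutputClaims>
</ClaimsTransformation>
</Policy>"""


def _local(tag):
    """Drop an XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def lint_policy(xml_text):
    """Return (rule, element Id, detail) findings for one policy document."""
    root = ET.fromstring(xml_text)
    findings, data_types = [], {}
    # Pass 1: record each declared claim type's DataType, flagging legacy ones.
    for el in root.iter():
        if _local(el.tag) == "ClaimType":
            dt = next((c.text or "" for c in el if _local(c.tag) == "DataType"), "").strip()
            data_types[el.get("Id")] = dt
            if dt in LEGACY_DATA_TYPES:
                findings.append(("legacy-datatype", el.get("Id"), dt))
    # Pass 2: check every transformation and the claims it references.
    for el in root.iter():
        if _local(el.tag) != "ClaimsTransformation":
            continue
        tid, method = el.get("Id"), el.get("TransformationMethod", "")
        if LEGACY_MARKER in method:
            findings.append(("legacy-method", tid, method))
        if NEW_MARKER in method:
            for claim in el.iter():
                ref = claim.get("ClaimTypeReferenceId")
                if ref and data_types.get(ref) in LEGACY_DATA_TYPES:
                    findings.append(("mixed-types", tid, f"{ref} is {data_types[ref]}"))
    return findings
```

Claim types declared in a different policy file (for example a base policy) are not visible to a single call, so concatenating the findings across all files of an inheritance chain gives the complete picture.
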
