Untitled

a guest
Jun 2nd, 2022
  1. <?xml version="1.0" encoding="utf-8" ?>
  2. <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3. xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  4. xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="{Settings:Tenant}" PolicyId="B2C_1A_JITMigraion_TrustFrameworkExtensions" PublicPolicyUri="http://{Settings:Tenant}/B2C_1A_JITMigraion_TrustFrameworkExtensions">
  5.  
  6. <BasePolicy>
  7. <TenantId>{Settings:Tenant}</TenantId>
  8. <PolicyId>B2C_1A_JITMigraion_TrustFrameworkBase</PolicyId>
  9. </BasePolicy>
  10. <BuildingBlocks>
  11. <ClaimsSchema>
  12. <!--Demo: This claim indicates whether the user need to migrate-->
  13. <ClaimType Id="needToMigrate">
  14. <DisplayName>needToMigrate</DisplayName>
  15. <DataType>string</DataType>
  16. <AdminHelpText>Indicates whether the user need to migrate</AdminHelpText>
  17. <UserHelpText>Indicates whether the user need to migrate</UserHelpText>
  18. </ClaimType>
  19. <ClaimType Id="useInputPassword">
  20. <DisplayName>useInputPassword</DisplayName>
  21. <DataType>boolean</DataType>
  22. </ClaimType>
  23.  
  24. <ClaimType Id="extension_creditorId">
  25. <DisplayName>Creditor ID</DisplayName>
  26. <DataType>int</DataType>
  27. <AdminHelpText>The ID of the creditor this user belongs to</AdminHelpText>
  28. <UserHelpText>The ID of the creditor this user belongs to</UserHelpText>
  29. </ClaimType>
  30. <ClaimType Id="extension_likvidoUserId">
  31. <DisplayName>Likvido user ID</DisplayName>
  32. <DataType>string</DataType>
  33. <AdminHelpText>The ID of the user in the Likvido DB</AdminHelpText>
  34. <UserHelpText>The ID of the user in the Likvido DB</UserHelpText>
  35. </ClaimType>
  36. <ClaimType Id="extension_likvidoRole">
  37. <DisplayName>Likvido user role</DisplayName>
  38. <DataType>string</DataType>
  39. <AdminHelpText>The role of the user in Likvido</AdminHelpText>
  40. <UserHelpText>The role of the user in Likvido</UserHelpText>
  41. </ClaimType>
  42. <ClaimType Id="extension_title">
  43. <DisplayName>Likvido user title</DisplayName>
  44. <DataType>string</DataType>
  45. <AdminHelpText>The title of the user</AdminHelpText>
  46. <UserHelpText>The title of the user</UserHelpText>
  47. </ClaimType>
  48. </ClaimsSchema>
  49. </BuildingBlocks>
  50.  
  51. <ClaimsProviders>
  52. <ClaimsProvider>
  53. <DisplayName>Azure Active Directory</DisplayName>
  54. <TechnicalProfiles>
  55. <TechnicalProfile Id="AAD-Common">
  56. <Metadata>
  57. <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
  58. <Item Key="ClientId">{Settings:B2CExtensionsAppClientId}</Item>
  59. <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
  60. <Item Key="ApplicationObjectId">{Settings:B2CExtensionsAppObjectId}</Item>
  61. </Metadata>
  62. </TechnicalProfile>
  63. </TechnicalProfiles>
  64. </ClaimsProvider>
  65. <!-- Local account Sign-Up claims provider -->
  66. <ClaimsProvider>
  67. <DisplayName>Local Account</DisplayName>
  68. <TechnicalProfiles>
  69.  
  70. <!-- SIGN-IN -->
  71. <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
  72. <OutputClaims>
  73. <OutputClaim ClaimTypeReferenceId="needToMigrate" />
  74. <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
  75. <OutputClaim ClaimTypeReferenceId="extension_creditorId" />
  76. <OutputClaim ClaimTypeReferenceId="extension_likvidoUserId" />
  77. <OutputClaim ClaimTypeReferenceId="extension_likvidoRole" />
  78. <OutputClaim ClaimTypeReferenceId="extension_title" />
  79. </OutputClaims>
  80. <ValidationTechnicalProfiles>
  81. <!--Demo: Add user migration validation technical profile before login-NonInteractive -->
  82. <ValidationTechnicalProfile ReferenceId="REST-UserMigration-LocalAccount-SignIn" ContinueOnError="false" />
  83.  
  84. <!--Demo: Run this validation technical profile only if user doesn't need to migrate -->
  85. <ValidationTechnicalProfile ReferenceId="login-NonInteractive">
  86. <Preconditions>
  87. <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
  88. <Value>needToMigrate</Value>
  89. <Value>local</Value>
  90. <Action>SkipThisValidationTechnicalProfile</Action>
  91. </Precondition>
  92. </Preconditions>
  93. </ValidationTechnicalProfile>
  94.  
  95. <!--Demo: Run this validation technical profile only if user needs to migrate -->
  96. <ValidationTechnicalProfile ReferenceId="AAD-MigrateUserUsingLogonEmail">
  97. <Preconditions>
  98. <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
  99. <Value>needToMigrate</Value>
  100. <Value>local</Value>
  101. <Action>SkipThisValidationTechnicalProfile</Action>
  102. </Precondition>
  103. </Preconditions>
  104. </ValidationTechnicalProfile>
  105.  
  106. </ValidationTechnicalProfiles>
  107. </TechnicalProfile>
  108.  
  109. <!-- SIGN-UP -->
  110. <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
  111. <Metadata>
  112. <Item Key="EnforceEmailVerification">False</Item>
  113. </Metadata>
  114. <ValidationTechnicalProfiles>
  115. <!--Demo: Add user migration validation technical profile before AAD-UserWriteUsingLogonEmail -->
  116. <ValidationTechnicalProfile ReferenceId="REST-UserMigration-LocalAccount-SignUp" ContinueOnError="false" />
  117. <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" ContinueOnError="false" />
  118. </ValidationTechnicalProfiles>
  119. </TechnicalProfile>
  120.  
  121. <!-- PASSWORD RESET first page -->
  122. <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  123. <Metadata>
  124. <Item Key="EnforceEmailVerification">False</Item>
  125. </Metadata>
  126. <ValidationTechnicalProfiles>
  127. <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" ContinueOnError="true" />
  128. <ValidationTechnicalProfile ReferenceId="REST-UserMigration-LocalAccount-PasswordReset1" ContinueOnError="false" />
  129. </ValidationTechnicalProfiles>
  130. </TechnicalProfile>
  131.  
  132. <!-- PASSWORD RESET second page -->
  133. <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
  134. <OutputClaims>
  135. <OutputClaim ClaimTypeReferenceId="objectId" />
  136. <OutputClaim ClaimTypeReferenceId="authenticationSource" />
  137. </OutputClaims>
  138. <ValidationTechnicalProfiles>
  139. <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId">
  140. <!--Don't run this validation technical profile if objectId is not exists (migrated acccount)-->
  141. <Preconditions>
  142. <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
  143. <Value>objectId</Value>
  144. <Action>SkipThisValidationTechnicalProfile</Action>
  145. </Precondition>
  146. </Preconditions>
  147. </ValidationTechnicalProfile>
  148.  
  149. <ValidationTechnicalProfile ReferenceId="REST-UserMigration-LocalAccount-PasswordReset2">
  150. <!--Don't run this validation technical profile if objectId is exists (existing acccount)-->
  151. <Preconditions>
  152. <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
  153. <Value>objectId</Value>
  154. <Action>SkipThisValidationTechnicalProfile</Action>
  155. </Precondition>
  156. </Preconditions>
  157. </ValidationTechnicalProfile>
  158.  
  159. <ValidationTechnicalProfile ReferenceId="AAD-MigrateUserUsingLogonEmail">
  160. <!--Don't run this validation technical profile if objectId is exists (existing acccount)-->
  161. <Preconditions>
  162. <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
  163. <Value>objectId</Value>
  164. <Action>SkipThisValidationTechnicalProfile</Action>
  165. </Precondition>
  166. </Preconditions>
  167. </ValidationTechnicalProfile>
  168.  
  169. </ValidationTechnicalProfiles>
  170. </TechnicalProfile>
  171. </TechnicalProfiles>
  172. </ClaimsProvider>
  173.  
  174. <ClaimsProvider>
  175. <DisplayName>REST APIs</DisplayName>
  176. <TechnicalProfiles>
  177.  
  178. <!--Demo: Checks if user exists in the migration table. If yes, validate the credentials and migrate the account -->
  179. <TechnicalProfile Id="REST-UserMigration-LocalAccount-SignIn">
  180. <DisplayName>Migrate user sign-in flow</DisplayName>
  181. <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  182. <Metadata>
  183. <Item Key="ServiceUrl">{Settings:LikvidoWebAppApiBaseUrl}/users/azure-ad-b2c/migrate</Item>
  184. <Item Key="AuthenticationType">None</Item>
  185. <Item Key="SendClaimsIn">Body</Item>
  186. <Item Key="AllowInsecureAuthInProduction">True</Item>
  187. </Metadata>
  188. <InputClaims>
  189. <InputClaim ClaimTypeReferenceId="signInName" />
  190. <InputClaim ClaimTypeReferenceId="password" />
  191. <InputClaim ClaimTypeReferenceId="useInputPassword" DefaultValue="false" />
  192. </InputClaims>
  193. <OutputClaims>
  194. <OutputClaim ClaimTypeReferenceId="needToMigrate" />
  195. <OutputClaim ClaimTypeReferenceId="email" />
  196. <OutputClaim ClaimTypeReferenceId="newPassword" />
  197. <OutputClaim ClaimTypeReferenceId="displayName" />
  198. <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
  199. <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="lastName" />
  200. <OutputClaim ClaimTypeReferenceId="extension_creditorId" PartnerClaimType="creditorId" />
  201. <OutputClaim ClaimTypeReferenceId="extension_likvidoUserId" PartnerClaimType="likvidoUserId" />
  202. <OutputClaim ClaimTypeReferenceId="extension_likvidoRole" PartnerClaimType="likvidoRole" />
  203. <OutputClaim ClaimTypeReferenceId="extension_title" PartnerClaimType="title" />
  204. </OutputClaims>
  205. <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  206. </TechnicalProfile>
  207.  
  208. <!--Demo: Checks if user exists in the migration table. If yes, raises an error -->
  209. <TechnicalProfile Id="REST-UserMigration-LocalAccount-SignUp">
  210. <DisplayName>Migrate user sign-in flow</DisplayName>
  211. <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  212. <Metadata>
  213. <Item Key="ServiceUrl">{Settings:LikvidoWebAppApiBaseUrl}/users/azure-ad-b2c/raise-error-if-exists</Item>
  214. <Item Key="AuthenticationType">None</Item>
  215. <Item Key="SendClaimsIn">Body</Item>
  216. <Item Key="AllowInsecureAuthInProduction">True</Item>
  217. </Metadata>
  218. <InputClaims>
  219. <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInName" />
  220. </InputClaims>
  221. <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  222. </TechnicalProfile>
  223.  
  224. <!--Demo: Checks if user exists in Azure AD B2C or the migration table. If not, raises an error -->
  225. <TechnicalProfile Id="REST-UserMigration-LocalAccount-PasswordReset1">
  226. <DisplayName>Migrate user sign-in flow</DisplayName>
  227. <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  228. <Metadata>
  229. <Item Key="ServiceUrl">{Settings:LikvidoWebAppApiBaseUrl}/users/azure-ad-b2c/raise-error-if-not-exists</Item>
  230. <Item Key="AuthenticationType">None</Item>
  231. <Item Key="SendClaimsIn">Body</Item>
  232. <Item Key="AllowInsecureAuthInProduction">True</Item>
  233. </Metadata>
  234. <InputClaims>
  235. <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInName" />
  236. <InputClaim ClaimTypeReferenceId="objectId" />
  237. </InputClaims>
  238. <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  239. </TechnicalProfile>
  240.  
  241. <TechnicalProfile Id="REST-UserMigration-LocalAccount-PasswordReset2">
  242. <DisplayName>Migrate user sign-in flow</DisplayName>
  243. <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  244. <Metadata>
  245. <Item Key="ServiceUrl">{Settings:LikvidoWebAppApiBaseUrl}/users/azure-ad-b2c/migrate</Item>
  246. <Item Key="AuthenticationType">None</Item>
  247. <Item Key="SendClaimsIn">Body</Item>
  248. <Item Key="AllowInsecureAuthInProduction">True</Item>
  249. </Metadata>
  250. <InputClaims>
  251. <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInName" />
  252. <!-- <InputClaim ClaimTypeReferenceId="password" /> -->
  253. <InputClaim ClaimTypeReferenceId="useInputPassword" DefaultValue="true" />
  254. </InputClaims>
  255. <OutputClaims>
  256. <OutputClaim ClaimTypeReferenceId="needToMigrate" />
  257. <OutputClaim ClaimTypeReferenceId="email" />
  258. <!-- Don't return the new password <OutputClaim ClaimTypeReferenceId="newPassword" /> -->
  259. <OutputClaim ClaimTypeReferenceId="displayName" />
  260. <OutputClaim ClaimTypeReferenceId="givenName" />
  261. <OutputClaim ClaimTypeReferenceId="surName" />
  262. </OutputClaims>
  263. <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  264. </TechnicalProfile>
  265. </TechnicalProfiles>
  266. </ClaimsProvider>
  267.  
  268. <!-- Local account Sign-In claims provider -->
  269. <ClaimsProvider>
  270. <DisplayName>Local Account SignIn</DisplayName>
  271. <TechnicalProfiles>
  272. <TechnicalProfile Id="login-NonInteractive">
  273. <Metadata>
  274. <Item Key="client_id">{Settings:ProxyIdentityExperienceFrameworkAppId}</Item>
  275. <Item Key="IdTokenAudience">{Settings:IdentityExperienceFramework}</Item>
  276. </Metadata>
  277. <InputClaims>
  278. <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="{Settings:ProxyIdentityExperienceFrameworkAppId}" />
  279. <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="{Settings:IdentityExperienceFramework}" />
  280. </InputClaims>
  281. </TechnicalProfile>
  282. </TechnicalProfiles>
  283. </ClaimsProvider>
  284.  
  285. <ClaimsProvider>
  286. <DisplayName>Azure Active Directory</DisplayName>
  287. <TechnicalProfiles>
  288. <TechnicalProfile Id="AAD-MigrateUserUsingLogonEmail">
  289. <Metadata>
  290. <Item Key="Operation">Write</Item>
  291. <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  292. </Metadata>
  293. <IncludeInSso>false</IncludeInSso>
  294. <InputClaims>
  295. <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
  296. </InputClaims>
  297. <PersistedClaims>
  298. <!-- Required claims -->
  299. <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
  300. <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password"/>
  301. <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
  302. <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration,DisableStrongPassword" AlwaysUseDefaultValue="true"/>
  303.  
  304. <!-- Optional claims. -->
  305. <PersistedClaim ClaimTypeReferenceId="givenName" />
  306. <PersistedClaim ClaimTypeReferenceId="surname" />
  307. <PersistedClaim ClaimTypeReferenceId="extension_creditorId" />
  308. <PersistedClaim ClaimTypeReferenceId="extension_likvidoUserId" />
  309. <PersistedClaim ClaimTypeReferenceId="extension_likvidoRole" />
  310. <PersistedClaim ClaimTypeReferenceId="extension_title" />
  311. </PersistedClaims>
  312. <OutputClaims>
  313. <OutputClaim ClaimTypeReferenceId="objectId" />
  314. <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
  315. <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
  316. <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
  317.  
  318. <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
  319. <OutputClaim ClaimTypeReferenceId="extension_creditorId" />
  320. <OutputClaim ClaimTypeReferenceId="extension_likvidoUserId" />
  321. <OutputClaim ClaimTypeReferenceId="extension_likvidoRole" />
  322. <OutputClaim ClaimTypeReferenceId="extension_title" />
  323. </OutputClaims>
  324. <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  325. <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
  326. </TechnicalProfile>
  327. </TechnicalProfiles>
  328. </ClaimsProvider>
  329.  
  330. <!-- Facebook claims provider -->
  331. <ClaimsProvider>
  332. <DisplayName>Facebook</DisplayName>
  333. <TechnicalProfiles>
  334. <TechnicalProfile Id="Facebook-OAUTH">
  335. <Metadata>
  336. <!--Demo action required: Change to your Facebook App Id-->
  337. <Item Key="client_id">TODO</Item>
  338. <Item Key="scope">email public_profile</Item>
  339. <Item Key="ClaimsEndpoint">https://graph.facebook.com/me?fields=id,first_name,last_name,name,email</Item>
  340. </Metadata>
  341. </TechnicalProfile>
  342. </TechnicalProfiles>
  343. </ClaimsProvider>
  344. </ClaimsProviders>
  345.  
  346. <!--<UserJourneys>
  347. </UserJourneys>-->
  348.  
  349. </TrustFrameworkPolicy>