Created
January 21, 2022 06:36
-
-
Save mfcollins3/9dfdd425a5789024d4ca9770e975c0e4 to your computer and use it in GitHub Desktop.
Starter local user sign up relying party policy for B2C
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> | |
<TrustFrameworkPolicy | |
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" | |
PolicySchemaVersion="0.3.0.0" | |
TenantId="projectcenterdev.onmicrosoft.com" | |
PolicyId="B2C_1A_SignUp" | |
PublicPolicyUri="http://projectcenterdev.onmicrosoft.com/B2C_1A_SignUp" | |
DeploymentMode="Development" | |
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"> | |
<BuildingBlocks> | |
<ClaimsSchema> | |
<ClaimType Id="displayName"> | |
<DisplayName>Display Name</DisplayName> | |
<DataType>string</DataType> | |
<UserHelpText>Display name</UserHelpText> | |
<UserInputType>TextBox</UserInputType> | |
</ClaimType> | |
<ClaimType Id="objectId"> | |
<DisplayName>User ID</DisplayName> | |
<DataType>string</DataType> | |
<DefaultPartnerClaimTypes> | |
<Protocol Name="OpenIdConnect" PartnerClaimType="oid" /> | |
</DefaultPartnerClaimTypes> | |
</ClaimType> | |
<ClaimType Id="newPassword"> | |
<DisplayName>New Password</DisplayName> | |
<DataType>string</DataType> | |
<UserHelpText>Password</UserHelpText> | |
<UserInputType>Password</UserInputType> | |
<Restriction> | |
<Pattern RegularExpression="^((?=.*[a-z])(?=.*[A-Z])(?=.*\d)|(?=.*[a-z])(?=.*[A-Z])(?=.*[^A-Za-z0-9])|(?=.*[a-z])(?=.*\d)(?=.*[^A-Za-z0-9])|(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]))([A-Za-z\d@#$%^&*\-_+=[\]{}|\\:',?/`~"();!]|\.(?!@)){8,16}$" HelpText="8-16 characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; ." /> | |
</Restriction> | |
</ClaimType> | |
<ClaimType Id="passwordPolicies"> | |
<DisplayName>Password Policies</DisplayName> | |
<DataType>string</DataType> | |
</ClaimType> | |
<ClaimType Id="reenterPassword"> | |
<DisplayName>Confirm Password</DisplayName> | |
<DataType>string</DataType> | |
<UserHelpText>Confirm the password</UserHelpText> | |
<UserInputType>Password</UserInputType> | |
<Restriction> | |
<Pattern RegularExpression="^((?=.*[a-z])(?=.*[A-Z])(?=.*\d)|(?=.*[a-z])(?=.*[A-Z])(?=.*[^A-Za-z0-9])|(?=.*[a-z])(?=.*\d)(?=.*[^A-Za-z0-9])|(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z0-9]))([A-Za-z\d@#$%^&*\-_+=[\]{}|\\:',?/`~"();!]|\.(?!@)){8,16}$" HelpText="8-16 characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; ." /> | |
</Restriction> | |
</ClaimType> | |
<ClaimType Id="signInName"> | |
<DisplayName>Username</DisplayName> | |
<DataType>string</DataType> | |
<UserHelpText>Username</UserHelpText> | |
<UserInputType>TextBox</UserInputType> | |
</ClaimType> | |
<ClaimType Id="signInNames.userName"> | |
<DisplayName>Username</DisplayName> | |
<DataType>string</DataType> | |
<UserHelpText>Username</UserHelpText> | |
<UserInputType>TextBox</UserInputType> | |
</ClaimType> | |
<ClaimType Id="sub"> | |
<DisplayName>Subject</DisplayName> | |
<DataType>string</DataType> | |
<DefaultPartnerClaimTypes> | |
<Protocol Name="OpenIdConnect" PartnerClaimType="sub" /> | |
</DefaultPartnerClaimTypes> | |
</ClaimType> | |
<ClaimType Id="tenantId"> | |
<DisplayName>Tenant ID</DisplayName> | |
<DataType>string</DataType> | |
<DefaultPartnerClaimTypes> | |
<Protocol Name="OpenIdConnect" PartnerClaimType="tid" /> | |
</DefaultPartnerClaimTypes> | |
</ClaimType> | |
<ClaimType Id="userPrincipalName"> | |
<DisplayName>User Principal Name</DisplayName> | |
<DataType>string</DataType> | |
</ClaimType> | |
</ClaimsSchema> | |
<ClaimsTransformations> | |
<ClaimsTransformation Id="SetDisplayNameToSignInName" TransformationMethod="CopyClaim"> | |
<InputClaims> | |
<InputClaim ClaimTypeReferenceId="signInName" TransformationClaimType="inputClaim" /> | |
</InputClaims> | |
<OutputClaims> | |
<OutputClaim ClaimTypeReferenceId="displayName" TransformationClaimType="outputClaim" /> | |
</OutputClaims> | |
</ClaimsTransformation> | |
</ClaimsTransformations> | |
<ContentDefinitions> | |
<ContentDefinition Id="api.localaccountsignup"> | |
<LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri> | |
<RecoveryUri>~/common/default/default_page_error.html</RecoveryUri> | |
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri> | |
<Metadata> | |
<Item Key="DisplayName">Sign Up</Item> | |
</Metadata> | |
</ContentDefinition> | |
</ContentDefinitions> | |
</BuildingBlocks> | |
<ClaimsProviders> | |
<ClaimsProvider> | |
<DisplayName>Trustframework Policy Engine TechnicalProfiles</DisplayName> | |
<TechnicalProfiles> | |
<TechnicalProfile Id="TpEngine_c3bd4fe2-1775-4013-b91d-35f16d377d13"> | |
<DisplayName>Trustframework Policy Engine Default Technical Profile</DisplayName> | |
<Protocol Name="None" /> | |
<Metadata> | |
<Item Key="url">{service:te}</Item> | |
</Metadata> | |
</TechnicalProfile> | |
</TechnicalProfiles> | |
</ClaimsProvider> | |
<ClaimsProvider> | |
<DisplayName>SSO Session Management</DisplayName> | |
<TechnicalProfiles> | |
<TechnicalProfile Id="SSO-None"> | |
<DisplayName>No Session Management</DisplayName> | |
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.NoopSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> | |
</TechnicalProfile> | |
<TechnicalProfile Id="SSO-Default"> | |
<DisplayName>Default SSO Session Management Provider</DisplayName> | |
<Description>Session management using the Azure AD B2C internal session provider</Description> | |
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> | |
</TechnicalProfile> | |
</TechnicalProfiles> | |
</ClaimsProvider> | |
<ClaimsProvider> | |
<DisplayName>Active Directory</DisplayName> | |
<TechnicalProfiles> | |
<TechnicalProfile Id="CreateLocalUser"> | |
<DisplayName>Create Local User Account</DisplayName> | |
<Description>Creates the local user account in Active Directory</Description> | |
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.AzureActiveDirectoryProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> | |
<Metadata> | |
<Item Key="Operation">Write</Item> | |
<Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item> | |
</Metadata> | |
<IncludeInSso>false</IncludeInSso> | |
<InputClaimsTransformations> | |
<InputClaimsTransformation ReferenceId="SetDisplayNameToSignInName" /> | |
</InputClaimsTransformations> | |
<InputClaims> | |
<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName" Required="true" /> | |
</InputClaims> | |
<PersistedClaims> | |
<PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown"/> | |
<PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" /> | |
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" /> | |
<PersistedClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName" /> | |
</PersistedClaims> | |
<OutputClaims> | |
<OutputClaim ClaimTypeReferenceId="objectId" /> | |
<OutputClaim ClaimTypeReferenceId="userPrincipalName" /> | |
</OutputClaims> | |
<UseTechnicalProfileForSessionManagement ReferenceId="SSO-None" /> | |
</TechnicalProfile> | |
</TechnicalProfiles> | |
</ClaimsProvider> | |
<ClaimsProvider> | |
<DisplayName>Local User</DisplayName> | |
<TechnicalProfiles> | |
<TechnicalProfile Id="ShowSignUpForm"> | |
<DisplayName>Sign Up Form</DisplayName> | |
<Description>Presents the user with a form to complete to sign up for a user account</Description> | |
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" /> | |
<Metadata> | |
<Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item> | |
</Metadata> | |
<OutputClaims> | |
<OutputClaim ClaimTypeReferenceId="signInName" /> | |
<OutputClaim ClaimTypeReferenceId="newPassword" Required="true" /> | |
<OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" /> | |
<OutputClaim ClaimTypeReferenceId="objectId" /> | |
</OutputClaims> | |
<ValidationTechnicalProfiles> | |
<ValidationTechnicalProfile ReferenceId="CreateLocalUser" /> | |
</ValidationTechnicalProfiles> | |
<UseTechnicalProfileForSessionManagement ReferenceId="SSO-Default" /> | |
</TechnicalProfile> | |
</TechnicalProfiles> | |
</ClaimsProvider> | |
<ClaimsProvider> | |
<DisplayName>Token Issuers</DisplayName> | |
<TechnicalProfiles> | |
<TechnicalProfile Id="JWTIssuer"> | |
<DisplayName>JWT Issuer</DisplayName> | |
<Description>Generates and issues the JSON web token containing the user's identity information</Description> | |
<Protocol Name="OpenIdConnect" /> | |
<OutputTokenFormat>JWT</OutputTokenFormat> | |
<Metadata> | |
<Item Key="issuer_refresh_token_user_identity_claim_type">objectId</Item> | |
</Metadata> | |
<CryptographicKeys> | |
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" /> | |
<Key Id="issuer_refresh_token_key" StorageReferenceId="B2C_1A_TokenEncryptionKeyContainer" /> | |
</CryptographicKeys> | |
</TechnicalProfile> | |
</TechnicalProfiles> | |
</ClaimsProvider> | |
</ClaimsProviders> | |
<UserJourneys> | |
<UserJourney Id="SignUp"> | |
<OrchestrationSteps> | |
<OrchestrationStep Order="1" Type="ClaimsExchange"> | |
<ClaimsExchanges> | |
<ClaimsExchange Id="ShowSignUpForm" TechnicalProfileReferenceId="ShowSignUpForm" /> | |
</ClaimsExchanges> | |
</OrchestrationStep> | |
<OrchestrationStep Order="2" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JWTIssuer" /> | |
</OrchestrationSteps> | |
</UserJourney> | |
</UserJourneys> | |
<RelyingParty> | |
<DefaultUserJourney ReferenceId="SignUp" /> | |
<UserJourneyBehaviors> | |
<JourneyInsights | |
TelemetryEngine="ApplicationInsights" | |
InstrumentationKey="7c25e293-8d7e-46c8-9e84-39400c53f1fb" | |
DeveloperMode="true" | |
ClientEnabled="true" | |
ServerEnabled="true" | |
TelemetryVersion="1.0.0" /> | |
</UserJourneyBehaviors> | |
<TechnicalProfile Id="PolicyProfile"> | |
<DisplayName>Sign Up</DisplayName> | |
<Description>Allows new users to sign up and create an account</Description> | |
<Protocol Name="OpenIdConnect" /> | |
<InputClaims></InputClaims> | |
<OutputClaims> | |
<OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" /> | |
<OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" /> | |
</OutputClaims> | |
<SubjectNamingInfo ClaimType="sub" /> | |
</TechnicalProfile> | |
</RelyingParty> | |
</TrustFrameworkPolicy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment