B2C Custom Policy Claims Transformation: Set outputclaim to stringCollection?

Looking for a way to set outputclaim as a stringCollection based on an inputclaim which is either a stringCollection (group claims) or a boolean.

I am unable to find a TransformationMethod that fulfils my requirement.

Checked the following TransformationMethods and none has an outputclaim that supports stringCollection:

SetClaimIfBooleansMatch
SetClaimsIfRegexMatch
SetClaimsIfStringsMatch

Am I missing something or is there any workaround to this?

UPDATE

My need is to get the group claims from an IdP and set one or more roles based on the group membership(s).

The struggle is to set hooli.roles as a stringCollection to use as a list… none of the TransformationMethods support my use case.

Below is a 2-step process… tried a single ClaimsTransformation as well…

<ClaimType Id="groups">
  <DisplayName>Security groups</DisplayName>
  <DataType>stringCollection</DataType>
  <DefaultPartnerClaimTypes>
    <Protocol Name="SAML2" PartnerClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" />
  </DefaultPartnerClaimTypes>
</ClaimType>

<ClaimType Id="hooli.role.analyst">
  <DisplayName>Hooli Role - Analyst</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<ClaimType Id="hooli.roles">
  <DisplayName>Hooli Roles</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- Step #1 -->
<ClaimsTransformation Id="SethooliRole.Analyst" TransformationMethod="StringCollectionContains">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="groups" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="item" DataType="string" Value="Analyst Group" />
    <InputParameter Id="ignoreCase" DataType="string" Value="true" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="hooli.role.analyst" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Step #2 -->
<ClaimsTransformation Id="ishooliRole.Analyst" TransformationMethod="SetClaimIfBooleansMatch">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="hooli.role.analyst" TransformationClaimType="claimToMatch" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="matchTo" DataType="string" Value="true" />
    <InputParameter Id="outputClaimIfMatched" DataType="string" Value="Analyst" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="hooli.roles" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

  • There are no natively supported claims transformations for this, but depending on the complexity of the requirements this may be possible. Please add examples and sample data of what you’re trying to achieve. Note, it might be easiest for you to use a Validation Technical Profile that calls to an external REST API to do the processing.

  • Added additional info to my original post… hope you can provide some guidance. Thanks.
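
The processing that the REST API suggested in the first comment would perform could look like the following. This is an added example, not code from the post or from Azure AD B2C: the mapping table, the function names and the "Engineering Group" entry are hypothetical, and it assumes the API receives the groups claim in a JSON body and returns hooli.roles as a JSON array.

```python
import json

# Hypothetical group -> roles table. Only "Analyst Group" -> "Analyst" comes
# from the post; the second entry is constructed for illustration.
GROUP_TO_ROLES = {
    "analyst group": ["Analyst"],
    "engineering group": ["Engineer", "Analyst"],
}


def roles_for_groups(groups):
    """Return a sorted, de-duplicated role list for the given group names."""
    if isinstance(groups, str):  # a single-valued attribute may arrive as a string
        groups = [groups]
    if not isinstance(groups, list):
        raise ValueError("groups must be a string or a list of strings")
    roles = set()
    for group in groups:
        if not isinstance(group, str):
            raise ValueError("group names must be strings")
        # casefold() mirrors ignoreCase=true; unknown groups grant nothing.
        roles.update(GROUP_TO_ROLES.get(group.strip().casefold(), []))
    return sorted(roles)


def handle(body: bytes):
    """Process one request body; return (HTTP status, JSON response bytes)."""
    try:
        claims = json.loads(body)
        if not isinstance(claims, dict):
            raise ValueError("body must be a JSON object")
        # Only "groups" is read, so a caller-supplied "hooli.roles" is ignored.
        roles = roles_for_groups(claims.get("groups", []))
    except ValueError as exc:  # JSON and UTF-8 decode errors are ValueErrors too
        error = {"version": "1.0.0", "status": 409, "userMessage": str(exc)}
        return 409, json.dumps(error).encode()
    return 200, json.dumps({"hooli.roles": roles}).encode()


if __name__ == "__main__":
    sample = b'{"groups": ["ANALYST GROUP", "Unknown Group"]}'  # constructed input
    print(handle(sample))
```

To receive the array, hooli.roles would be declared with DataType stringCollection rather than string.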
