I am trying to display a custom error, idea is user may have several MFA setup, user introduces login, then goes to a screen where he needs to select the MFA that he wants to use, if the MFA is in a list, then he can proceed, if it is not, then we need to display an error. This is my code:
...
<OrchestrationStep Order="3"
Type="ClaimsExchange"
ContentDefinitionReferenceId="api.selfasserted">
<ClaimsExchanges>
<ClaimsExchange Id="MFAConfigChecks"
TechnicalProfileReferenceId="SelfAsserted-GettingSelectedMFAParameter" />
</ClaimsExchanges>
</OrchestrationStep>
...
<TechnicalProfile Id="SelfAsserted-GettingSelectedMFAParameter">
<DisplayName>Getting selected MFA Parameter</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
<Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">testeando.</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="preferredAuthenticationMethodCollection" />
<InputClaim ClaimTypeReferenceId="NoMFAConfig" />
</InputClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="selectedAuthenticationMethod"
Required="true" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="SelectedMFAIsConfigured" />
<OutputClaimsTransformation ReferenceId="NeedToDisplayError" />
</OutputClaimsTransformations>
<ValidationTechnicalProfiles>
<ValidationTechnicalProfile ReferenceId="AssertBooleanSelectedMFAError" />
</ValidationTechnicalProfiles>
</TechnicalProfile>
...
<TechnicalProfile Id="AssertBooleanSelectedMFAError">
<DisplayName>Unit test</DisplayName>
<Protocol Name="Proprietary"
Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="AreConditionsMet"
DefaultValue="false" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="MFAConditionsMet" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>
I have tested so far for AreConditionsMet and at this stage, when this is true the error is still being display, what am I doing wrong? I think it is taking the default value in any case, but I don't get why it does not workout the value in the SelfAsserted-GettingSelectedMFAParameter technical profile.
<ClaimsTransformation Id="MFAConditionsMet"
TransformationMethod="AssertBooleanClaimIsEqualToValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="AreConditionsMet"
TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="valueToCompareTo"
DataType="boolean"
Value="true" />
</InputParameters>
</ClaimsTransformation>
No comments:
Post a Comment