IefPolicies

3.1.19

strings/OIDCtp.xml

                                <ClaimsProvider xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">

  <!-- https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect-technical-profile -->

  <Domain>{{{0}:domainName}}</Domain>

  <DisplayName>{{{0}:displayName}}</DisplayName>

  <TechnicalProfiles>

    <TechnicalProfile Id="{0}-OIDC">

      <DisplayName>{{{0}:displayName}}</DisplayName>

      <Description>Login with your {{{0}:displayName}} account</Description>

      <Protocol Name="OpenIdConnect"/>

      <Metadata>

        <Item Key="METADATA">{{{0}:metadataUrl}}</Item>

        <Item Key="client_id">{{{0}:clientId}}</Item>                                               

        <Item Key="response_types">code</Item>

        <Item Key="scope">openid profile</Item>

        <Item Key="response_mode">form_post</Item>

        <Item Key="HttpBinding">POST</Item>

        <Item Key="UsePolicyInRedirectUri">false</Item>

        <!--Item Key="IdTokenAudience"></Item-->        

        <!--Item Key="authorization_endpoint"></Item-->        

        <!--Item Key="end_session_endpoint"></Item-->        

        <!--Item Key="issuer"></Item-->        

        <!--Item Key="ProviderName"></Item-->        

        <!--Item Key="ValidTokenIssuerPrefixes"></Item-->        

        <!--Item Key="MarkAsFailureOnStatusCode5xx"></Item-->        

        <!--Item Key="IncludeClaimResolvingInClaimsHandling"></Item-->        

        <!--Item Key="token_endpoint_auth_method">client_secret_post,client_secret_basic,private_key_jwt</Item-->        

        <!--Item Key="token_signing_algorithm">RS256 (default) or RS512</Item-->        

        <!--Item Key="SingleLogoutEnabled">true</Item-->        

        <!--Item Key="ReadBodyClaimsOnIdpRedirect">used with Apple ID</Item-->              

      </Metadata>

      <CryptographicKeys>

        <Key Id="client_secret" StorageReferenceId="B2C_1A_{0}Secret"/>

        <!--Key Id="client_secret" StorageReferenceId="B2C_1A_{0}Secret"/-->     <!--This cryptographic key is required only if the token_endpoint_auth_method metadata is set to private_key_jwt -->   

      </CryptographicKeys> 

      <OutputClaims>

        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid"/>

        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid"/>

        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />

        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />

        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />

        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />

        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />

        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />

      </OutputClaims>

      <OutputClaimsTransformations>

        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/>

        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/>

        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>

        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/>

      </OutputClaimsTransformations>

      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin"/>

    </TechnicalProfile>

  </TechnicalProfiles>

</ClaimsProvider>