Merge pull request #185192 from yoelhor/patch-232

Claims transformation improvements

Author: ttorble

articles/active-directory-b2c/boolean-transformations.md

@@ -9,28 +9,29 @@ manager: CelesteDG
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 06/06/2020
+ms.date: 01/17/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
 
 # Boolean claims transformations
 
-[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)]
-
-This article provides examples for using the boolean claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [ClaimsTransformations](claimstransformations.md).
+This article provides examples for using the boolean claims transformations of the Identity Experience Framework schema in Azure Active Directory B2C (Azure AD B2C). For more information, see [claims transformations](claimstransformations.md).
 
 ## AndClaims
 
-Performs an And operation of two boolean inputClaims and sets the outputClaim with result of the operation.
+Computes an `And` operation of two boolean input claims, and sets the output claim with result of the operation.
 
-| Item  | TransformationClaimType  | Data Type  | Notes |
+| Element  | TransformationClaimType  | Data Type  | Notes |
 |-------| ------------------------ | ---------- | ----- |
-| InputClaim | inputClaim1 | boolean | The first ClaimType to evaluate. |
-| InputClaim | inputClaim2  | boolean | The second ClaimType to evaluate. |
-|OutputClaim | outputClaim | boolean | The ClaimTypes that will be produced after this claims transformation has been invoked (true or false). |
+| InputClaim | inputClaim1 | boolean | The first claim to evaluate. |
+| InputClaim | inputClaim2  | boolean | The second claim to evaluate. |
+|OutputClaim | outputClaim | boolean | The claim that will be produced after this claims transformation has been invoked (true or false). |
+
 
-The following claims transformation demonstrates how to And two boolean ClaimTypes: `isEmailNotExist`, and `isSocialAccount`. The output claim `presentEmailSelfAsserted` is set to `true` if the value of both input claims are `true`. In an orchestration step, you can use a precondition to preset a self-asserted page, only if a social account email is empty.
+### Example of AndClaims
+
+The following claims transformation demonstrates how to `And` two boolean claims: `isEmailNotExist`, and `isSocialAccount`. The output claim `presentEmailSelfAsserted` is set to `true` if the values of both input claims are `true`.
 
 ```xml
 <ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="AndClaims">
@@ -44,29 +45,29 @@ The following claims transformation demonstrates how to And two boolean ClaimTyp
 </ClaimsTransformation>
 ```
 
-### Example of AndClaims
-
 - Input claims:
-    - **inputClaim1**: true
-    - **inputClaim2**: false
+  - **inputClaim1**: true
+  - **inputClaim2**: false
 - Output claims:
-    - **outputClaim**: false
+  - **outputClaim**: false
 
 
 ## AssertBooleanClaimIsEqualToValue
 
 Checks that boolean values of two claims are equal, and throws an exception if they are not.
 
-| Item | TransformationClaimType  | Data Type  | Notes |
+| Element | TransformationClaimType  | Data Type  | Notes |
 | ---- | ------------------------ | ---------- | ----- |
-| inputClaim | inputClaim | boolean | The ClaimType to be asserted. |
+| inputClaim | inputClaim | boolean | The claim to be checked. |
 | InputParameter |valueToCompareTo | boolean | The value to compare (true or false). |
 
 The **AssertBooleanClaimIsEqualToValue** claims transformation is always executed from a [validation technical profile](validation-technical-profile.md) that is called by a [self-asserted technical profile](self-asserted-technical-profile.md). The **UserMessageIfClaimsTransformationBooleanValueIsNotEqual** self-asserted technical profile metadata controls the error message that the technical profile presents to the user. The error messages can be [localized](localization-string-ids.md#claims-transformations-error-messages).
 
 ![AssertStringClaimsAreEqual execution](./media/boolean-transformations/assert-execution.png)
 
-The following claims transformation demonstrates how to check the value of a boolean ClaimType with a `true` value. If the value of the `accountEnabled` ClaimType is false, an error message is thrown.
+### Example of AssertBooleanClaimIsEqualToValue
+
+The following claims transformation demonstrates how to check the value of a boolean claim with a `true` value. If the value of the `accountEnabled` claim is false, an error message is thrown.
 
 ```xml
 <ClaimsTransformation Id="AssertAccountEnabledIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
@@ -79,49 +80,59 @@ The following claims transformation demonstrates how to check the value of a boo
 </ClaimsTransformation>
 ```
 
+- Input claims:
+  - **inputClaim**: false
+  - **valueToCompareTo**: true
+- Result: Error thrown
+
+### Calling the AssertBooleanClaimIsEqualToValue claims transformation
 
-The `login-NonInteractive` validation technical profile calls the `AssertAccountEnabledIsTrue` claims transformation.
+The following `Example-AssertBoolean` validation technical profile calls the `AssertAccountEnabledIsTrue` claims transformation.
 
 ```xml
-<TechnicalProfile Id="login-NonInteractive">
-  ...
+<TechnicalProfile Id="Example-AssertBoolean">
+  <DisplayName>Unit test</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+  <OutputClaims>
+    <OutputClaim ClaimTypeReferenceId="ComparisonResult" DefaultValue="false" />
+  </OutputClaims>
   <OutputClaimsTransformations>
     <OutputClaimsTransformation ReferenceId="AssertAccountEnabledIsTrue" />
   </OutputClaimsTransformations>
+  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
 </TechnicalProfile>
 ```
 
-The self-asserted technical profile calls the validation **login-NonInteractive** technical profile.
+The self-asserted technical profile calls the validation `Example-AssertBoolean` technical profile.
 
 ```xml
-<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
+<TechnicalProfile Id="SelfAsserted-AssertDateTimeIsGreaterThan">
+  <DisplayName>Example</DisplayName>
+  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
   <Metadata>
+    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
     <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Custom error message if account is disabled.</Item>
   </Metadata>
+  ...
   <ValidationTechnicalProfiles>
-    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
+    <ValidationTechnicalProfile ReferenceId="Example-AssertBoolean" />
   </ValidationTechnicalProfiles>
 </TechnicalProfile>
 ```
 
-### Example of AssertBooleanClaimIsEqualToValue
-
-- Input claims:
-    - **inputClaim**: false
-    - **valueToCompareTo**: true
-- Result: Error thrown
-
 ## CompareBooleanClaimToValue
 
 Checks that boolean value of a claim is equal to `true` or `false`, and return the result of the compression.
 
-| Item | TransformationClaimType  | Data Type  | Notes |
+| Element | TransformationClaimType  | Data Type  | Notes |
 | ---- | ------------------------ | ---------- | ----- |
-| InputClaim | inputClaim | boolean | The ClaimType to be asserted. |
+| InputClaim | inputClaim | boolean | The claim to be compared. |
 | InputParameter |valueToCompareTo | boolean | The value to compare (true or false). |
-| OutputClaim | compareResult | boolean | The ClaimType that is produced after this ClaimsTransformation has been invoked. |
+| OutputClaim | compareResult | boolean | The claim that is produced after this claims transformation has been invoked. |
+
+### Example of CompareBooleanClaimToValue
 
-The following claims transformation demonstrates how to check the value of a boolean ClaimType with a `true` value. If the value of the `IsAgeOver21Years` ClaimType is equal to `true`, the claims transformation returns `true`, otherwise `false`.
+The following claims transformation demonstrates how to check the value of a boolean claim with a `true` value. If the value of the `IsAgeOver21Years` claim is equal to `true`, the claims transformation returns `true`, otherwise `false`.
 
 ```xml
 <ClaimsTransformation Id="AssertAccountEnabled" TransformationMethod="CompareBooleanClaimToValue">
@@ -137,25 +148,25 @@ The following claims transformation demonstrates how to check the value of a boo
 </ClaimsTransformation>
 ```
 
-### Example of CompareBooleanClaimToValue
-
 - Input claims:
-    - **inputClaim**: false
+  - **inputClaim**: false
 - Input parameters:
-    - **valueToCompareTo**: true
+  - **valueToCompareTo**: true
 - Output claims:
-    - **compareResult**: false
+  - **compareResult**: false
 
 ## NotClaims
 
-Performs a Not operation of the boolean inputClaim and sets the outputClaim with result of the operation.
+Computes a `Not` operation of the boolean input claim and sets the output claim with result of the operation.
 
-| Item | TransformationClaimType | Data Type | Notes |
+| Element | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
 | InputClaim | inputClaim | boolean | The claim to be operated. |
-| OutputClaim | outputClaim | boolean | The ClaimTypes that are produced after this ClaimsTransformation has been invoked (true or false). |
+| OutputClaim | outputClaim | boolean | The claim that is produced after this claims transformation has been invoked (true or false). |
+
+### Example of NotClaims
 
-Use this claim transformation to perform logical negation on a claim.
+The following claims transformation demonstrates how to perform logical negation on a claim.
 
 ```xml
 <ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="NotClaims">
@@ -168,24 +179,24 @@ Use this claim transformation to perform logical negation on a claim.
 </ClaimsTransformation>
 ```
 
-### Example of NotClaims
-
 - Input claims:
-    - **inputClaim**: false
+  - **inputClaim**: false
 - Output claims:
-    - **outputClaim**: true
+  - **outputClaim**: true
 
 ## OrClaims
 
-Computes an Or of two boolean inputClaims and sets the outputClaim with result of the operation.
+Computes an `Or` of two boolean claims and sets the output claim with result of the operation.
 
-| Item | TransformationClaimType | Data Type | Notes |
+| Element | TransformationClaimType | Data Type | Notes |
 | ---- | ----------------------- | --------- | ----- |
-| InputClaim | inputClaim1 | boolean | The first ClaimType to evaluate. |
-| InputClaim | inputClaim2 | boolean | The second ClaimType to evaluate. |
-| OutputClaim | outputClaim | boolean | The ClaimTypes that will be produced after this ClaimsTransformation has been invoked (true or false). |
+| InputClaim | inputClaim1 | boolean | The first claim to evaluate. |
+| InputClaim | inputClaim2 | boolean | The second claim to evaluate. |
+| OutputClaim | outputClaim | boolean | The claim that will be produced after this claims transformation has been invoked (true or false). |
+
+### Example of OrClaims
 
-The following claims transformation demonstrates how to `Or` two boolean ClaimTypes. In the orchestration step, you can use a precondition to preset a self-asserted page, if the value of one of the claims is `true`.
+The following claims transformation demonstrates how to `Or` two boolean claims.
 
 ```xml
 <ClaimsTransformation Id="CheckWhetherEmailBePresented" TransformationMethod="OrClaims">
@@ -199,10 +210,12 @@ The following claims transformation demonstrates how to `Or` two boolean ClaimTy
 </ClaimsTransformation>
 ```
 
-### Example of OrClaims
-
 - Input claims:
-    - **inputClaim1**: true
-    - **inputClaim2**: false
+  - **inputClaim1**: true
+  - **inputClaim2**: false
 - Output claims:
-    - **outputClaim**: true
+  - **outputClaim**: true
+
+## Next steps
+
+- Find more [claims transformation samples](https://github.com/azure-ad-b2c/unit-tests/tree/main/claims-transformation) on the Azure AD B2C community GitHub repo

articles/active-directory-b2c/claims-transformation-technical-profile.md

@@ -1,15 +1,15 @@
 ---
-title: Define a Claims transformation technical profile
+title: Define a claims transformation technical profile
 titleSuffix: Azure AD B2C
-description: Define a Claims transformation technical profile in a custom policy in Azure Active Directory B2C.
+description: Define a claims transformation technical profile in a custom policy in Azure Active Directory B2C.
 services: active-directory-b2c
 author: kengaderdus
 manager: CelesteDG
 
 ms.service: active-directory
 ms.workload: identity
 ms.topic: reference
-ms.date: 02/13/2020
+ms.date: 01/17/2022
 ms.author: kengaderdus
 ms.subservice: B2C
 ---
@@ -35,7 +35,7 @@ The following example shows a claims transformation technical profile:
 
 ## Output claims
 
-The **OutputClaims** element is mandatory. You should provide at least one output claim returned by the technical profile. The following example shows how to set default values in the output claims:
+The **OutputClaims** element is mandatory. Provide at least one output claim returned by the technical profile. The following example shows how to set default values in the output claims:
 
 ```xml
 <OutputClaims>
@@ -78,7 +78,7 @@ TransformationClaimType="collection" />
 </TechnicalProfile>
 ```
 
-The claims transformation technical profile enables you to execute a claims transformation from any user journey's orchestration step. In the following example, the orchestration step calls one of the unlink technical profiles, such as **UnLink-Facebook-OAUTH**. This technical profile calls the claims transformation technical profile **RemoveAlternativeSecurityIdByIdentityProvider**, which generates a new **AlternativeSecurityIds2** claim that contains the list of user social identities, while removing the Facebook identity from the collections.
+The claims transformation technical profile enables you to execute a claims transformation from any user journey's orchestration step. In the following example, the orchestration step calls one of the unlink technical profiles, such as **UnLink-Facebook-OAUTH**. This technical profile calls the output claims transformation **RemoveAlternativeSecurityIdByIdentityProvider**, which generates a new **AlternativeSecurityIds2** claim. The output claim contains the list of user's social identities, while removing the Facebook identity from the collections.
 
 ```xml
 <UserJourney Id="AccountUnLink">
@@ -100,7 +100,8 @@ The claims transformation technical profile enables you to execute a claims tran
 
 | Attribute | Required | Description |
 | --------- | -------- | ----------- |
-| IncludeClaimResolvingInClaimsHandling  | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this to `true`. |
+| IncludeClaimResolvingInClaimsHandling | No | For input and output claims, specifies whether [claims resolution](claim-resolver-overview.md) is included in the technical profile. Possible values: `true`, or `false` (default). If you want to use a claims resolver in the technical profile, set this metadata to `true`. |
+| ContentDefinitionReferenceId | No | The identifier of the [content definition](contentdefinitions.md) associated with this technical profile. The content definition metadata is required for [FormatLocalizedString](string-transformations.md#formatlocalizedstring), [GetLocalizedStringsTransformation](string-transformations.md#getlocalizedstringstransformation), and [GetMappedValueFromLocalizedCollection](string-transformations.md#getmappedvaluefromlocalizedcollection) claims transformations.|
 
 ## Use a validation technical profile