Merge branch 'main' into java-suggestions-reza

Author: m-reza-rahman

.openpublishing.redirection.json

@@ -118,6 +118,21 @@ You need more claims to enable CAPTCHA in your custom policy:
         <DisplayName>Flag indicating that the captcha was successfully solved</DisplayName>
         <DataType>boolean</DataType>
       </ClaimType>
+
+      <ClaimType Id="mfaCaptchaEnabled">
+        <DisplayName>flag used to control captcha enabled in MFA</DisplayName>
+        <DataType>string</DataType>
+      </ClaimType>
+
+      <ClaimType Id="signupCaptchaEnabled">
+        <DisplayName>flag used to control captcha enabled during signup</DisplayName>
+        <DataType>string</DataType>
+      </ClaimType>
+
+      <ClaimType Id="signinCaptchaEnabled">
+        <DisplayName>flag used to control captcha enabled during signin</DisplayName>
+        <DataType>string</DataType>
+      </ClaimType>
       ...
      <!--<ClaimsSchema>-->
     ``` 
@@ -314,6 +329,58 @@ To enable CAPTCHA in MFA flow, you need to make an update in two technical profi
     ...
 </TechnicalProfile>
 ```
+
+### Enable CAPTCHA feature flag
+
+To enforce CAPTCHA during sign-up, sign-in, or MFA, you need to add a technical profile that enables a feature flag for each scenario, then call the technical profile in the user journey.
+
+1. In the *TrustFrameworkBase.XML* file, locate the `ClaimsProviders` element and add the claims provider by using the following code:
+
+```xml
+<!--<ClaimsProvider>-->
+...
+<ClaimsProvider>
+
+    <DisplayName>Set Feature Flags</DisplayName>
+
+    <TechnicalProfiles>
+
+    <TechnicalProfile Id="SetFeatureDefaultValue">
+        <DisplayName>Set Feature Flags</DisplayName>
+        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
+        <OutputClaims>
+            <OutputClaim ClaimTypeReferenceId="signupCaptchaEnabled" DefaultValue="true" />
+            <OutputClaim ClaimTypeReferenceId="signinCaptchaEnabled" DefaultValue="true" />
+            <OutputClaim ClaimTypeReferenceId="mfaCaptchaEnabled" DefaultValue="true" />
+        </OutputClaims>
+    </TechnicalProfile>
+    </TechnicalProfiles>
+</ClaimsProvider>
+...
+<!--<ClaimsProviders>-->
+``` 
+
+2. Set `DefaultValue` to true or false depending on the CAPTCHA scenario
+
+3. Add the feature flags technical profile to the user journey then update the order of the rest of the orchestration steps.
+
+```xml
+<!--<UserJourneys>-->
+...
+<UserJourney Id="SignUpOrSignIn">
+    <OrchestrationSteps>
+
+        <!--Add this orchestration step-->
+        <OrchestrationStep Order="1" Type="ClaimsExchange">
+          <ClaimsExchanges>
+            <ClaimsExchange Id="SetFeatureDefaultValue" TechnicalProfileReferenceId="SetFeatureDefaultValue" />
+          </ClaimsExchanges>
+        </OrchestrationStep>
+...
+<!--<UserJourneys>-->
+```
+
+
 ## Upload the custom policy files
 
 Use the steps in [Upload the policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy&branch=pr-en-us-260336#upload-the-policies) to upload your custom policy files.

articles/active-directory-b2c/add-captcha.md

@@ -422,7 +422,7 @@ Upon an application sign-out request, Azure AD B2C attempts to sign out from you
 
 ## Debug SAML protocol
 
-To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for FireFox, or [Microsoft Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
+To help configure and debug federation with a SAML identity provider, you can use a browser extension for the SAML protocol, such as [SAML DevTools extension](https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio) for Chrome, [SAML-tracer](https://addons.mozilla.org/es/firefox/addon/saml-tracer/) for Firefox, or [Microsoft Edge or Internet Explorer developer tools](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/gathering-a-saml-token-using-edge-or-ie-developer-tools/ba-p/320957).
 
 Using these tools, you can check the integration between Azure AD B2C and your SAML identity provider. For example: