question

ChristopherNorris-0538 avatar image
0 Votes"
ChristopherNorris-0538 asked MarileeTurscak-MSFT answered

Azure AD B2C The string '{Context:DateTimeInUtc}' is not a valid AllXsd value

Hello,

I am trying to use the {Context:DateTimeInUtc} claims resolver in an Azure AD B2C Custom Policy and I am getting the following error message:

There was an error serializing the object of type Microsoft.Cpim.Data.TrustFrameworkPolicy. The string '{Context:BuildNumber}' is not a valid AllXsd value

According to the documentation it indicates that ClaimsResolvers are allowed to be used in Azure Active Directory Technical Profiles with either InputClaims or OutputClaims as long as the following settings are true:

  • IncludeClaimResolvingInClaimsHandling is set to true.

  • AlwaysUseDefaultValue is set to true.


<TechnicalProfile Id="AAD-Write-ByObjectId-Password">
<Metadata>
<Item Key="Operation">Write</Item>
<Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
<Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<InputClaims>
<InputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="objectId" Required="true" />
<InputClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" DefaultValue="{Context:DateTimeInUtc}" AlwaysUseDefaultValue="true" />
</InputClaims>
<PersistedClaims>
<!-- Required claims -->
<PersistedClaim ClaimTypeReferenceId="objectId" />
<PersistedClaim ClaimTypeReferenceId="Password-Validated-Password" PartnerClaimType="password" />
<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration, DisableStrongPassword" />
<PersistedClaim ClaimTypeReferenceId="extension_isRegistered" DefaultValue="true" AlwaysUseDefaultValue="true" />
<PersistedClaim ClaimTypeReferenceId="extension_lastPasswordChangeDateTime" />
</PersistedClaims>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="objectId" />
</OutputClaims>
<IncludeTechnicalProfile ReferenceId="AAD-Common" />
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>


For the sake of further testing, I have tried other Context Claims Resolvers and was able to duplicate the same output.








azure-ad-b2c
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ChristopherNorris-0538 avatar image ChristopherNorris-0538 ·

Have yall had an opportunity to review?

0 Votes 0 ·

1 Answer

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered

Hi @ChristopherNOrris-0538,

I understand that you are are receiving the "not a valid AllXsd value" error when trying to input the DateTimeInUtc.

This is happening because you are trying to resolve the claim in the AAD Technical Profiles, which cannot be done at this point. You could resolve it at a self asserted step, or rest API step. Otherwise you can use this sample to get the last time the user performed MFA to sign on. https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-absolute-timeout-and-ip-change-trigger

You can use GetCurrentDateTime to get the current time at login and can use that as an input claim transform as part of your self asserted sign in technical profile.

There are examples here and here that achieve this. From the Stack Overflow thread, here is an example of using GetCurrentDateTime (full example on the thread) in the ClaimsTransformation:


   <ClaimsTransformation Id="GetSystemDateTime" TransformationMethod="GetCurrentDateTime">
         <OutputClaims>
           <OutputClaim ClaimTypeReferenceId="CurrentTime" TransformationClaimType="currentDateTime" />
         </OutputClaims>
       </ClaimsTransformation>

Let me know if this helps and if you have further questions.


If the information provided was helpful to you, please remember to "mark as answer" so that others in the community with similar questions can more easily find a solution.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.