4

There appears to be limited documentation around sub journeys. https://learn.microsoft.com/en-us/azure/active-directory-b2c/subjourneys

I have a problem where in my SubJourney, I read the user and get the object Id. In the main UserJourney, I later use that object Id to read the user again, but it complains.

Error image

Although objectId is an output claim in the first step of the SubJourney, the main User Journey cannot use that output.

<SubJourneys>
    <SubJourney Id="ResetPhoneNumberOnAccount" Type="Call">
        <OrchestrationSteps>
            <!-- Look to see if the user exists if it's a phone recovery -->
            <OrchestrationStep Order="1" Type="ClaimsExchange">
                <ClaimsExchanges>
                    <ClaimsExchange Id="CheckIfUserExists" TechnicalProfileReferenceId="AAD-UserDiscoveryUsingLogonPhoneNumber-FullProfile" />
                </ClaimsExchanges>
            </OrchestrationStep>
            <!-- Other Step -->
        </OrchestrationSteps>
    </SubJourney>
</SubJourneys>

AAD-UserDiscoveryUsingLogonPhoneNumber-FullProfile is defined: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/scenarios/phone-number-passwordless/Phone_Email_Base.xml#L905

Are SubJourneys not able to send output claims up the chain?

Jon McEroy
  • Hi Jon, would you be willing to share your code? I use sub journeys and cannot say that I am experiencing this problem. – Christopher Norris Feb 17 '21 at 14:13
  • 1
    I'm running into the exact same problem. Just pushing off the first part of a journey into a subjourney causes the loss of claim access later on, be it objectId or alternativeSecurityId – Matt Wise Feb 17 '21 at 21:24
  • Let me see if I can create a small example that shows it. – Jon McEroy Feb 18 '21 at 16:23

2 Answers

5

Yes, output claims from orchestration steps in sub journeys are accessible from the parent user journey. It seems like when an orchestration step depends on an output claim returned from a sub journey, the step must itself be encapsulated in its own sub journey.

If AAD-UserReadUsingObjectId exists in the main journey, but objectId is only output in a sub journey, the policy will fail validation. This appears to me to be a bug with the XML schema validator.

I have examined trace logs in app insights and, after applying this workaround, can confirm that claims output in sub journeys do persist until the main journey has ended.

For a more in-depth look at this problem, check out my issue on GitHub.

Daniel Krasnove
  • I am facing an error that the relying party technical profile uses an output claim which is not an output of any previous steps. As we cannot wrap the relying party inside a sub-journey, do you have an idea how this scenario might be handled? – milorad Jun 14 '22 at 14:46
  • 1
    @milorad Create a technical profile that outputs this claim in any previous orchestration step. You can optionally prevent the technical profile from executing by adding some precondition that is always false. This should be sufficient to appease B2C. – Daniel Krasnove Jun 16 '22 at 04:28
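
The workaround described in the answer above, as an added example (not code from the original posts or from the starter pack): the step that consumes objectId is moved out of the main journey and wrapped in its own Call sub journey. The journey Id `PhoneRecovery`, the sub journey Id `ReadUserByObjectId`, the claims exchange Id `ReadUser` and the issuer profile `JwtIssuer` are assumed names; both elements belong inside the policy's `TrustFrameworkPolicy` root.

```xml
<!-- Added example. Ids marked "assumed" are hypothetical. -->
<UserJourneys>
  <UserJourney Id="PhoneRecovery"> <!-- assumed Id -->
    <OrchestrationSteps>
      <!-- Sub journey from the question: its first step outputs objectId -->
      <OrchestrationStep Order="1" Type="InvokeSubJourney">
        <JourneyList>
          <Candidate SubJourneyReferenceId="ResetPhoneNumberOnAccount" />
        </JourneyList>
      </OrchestrationStep>
      <!-- The step that needs objectId is invoked through a sub journey
           instead of being a ClaimsExchange directly in the main journey -->
      <OrchestrationStep Order="2" Type="InvokeSubJourney">
        <JourneyList>
          <Candidate SubJourneyReferenceId="ReadUserByObjectId" />
        </JourneyList>
      </OrchestrationStep>
      <!-- assumed issuer technical profile -->
      <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
  </UserJourney>
</UserJourneys>

<SubJourneys>
  <SubJourney Id="ResetPhoneNumberOnAccount" Type="Call">
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="CheckIfUserExists" TechnicalProfileReferenceId="AAD-UserDiscoveryUsingLogonPhoneNumber-FullProfile" />
        </ClaimsExchanges>
      </OrchestrationStep>
    </OrchestrationSteps>
  </SubJourney>
  <SubJourney Id="ReadUserByObjectId" Type="Call"> <!-- assumed Id -->
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <!-- assumed exchange Id; the technical profile is the one named in the answer -->
          <ClaimsExchange Id="ReadUser" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
        </ClaimsExchanges>
      </OrchestrationStep>
    </OrchestrationSteps>
  </SubJourney>
</SubJourneys>
```
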
0

Seems like it's not possible, can you try using the transfer sub-journey here?

<SubJourneys>
  <SubJourney Id="B" Type="Transfer">
    <OrchestrationSteps>
      ...
      <OrchestrationStep Order="5" Type="SendClaims" />
    </OrchestrationSteps>
  </SubJourney>
</SubJourneys> 
  • 1
    I am sure that would work if I copied the end of the main journey to the different sub journeys, but I wanted to send the sub journey information back up and finish the main journey. – Jon McEroy Feb 19 '21 at 17:03
  • Won't work for me either. I would like to commonize the beginning of our user journeys using subjourneys which won't work if the claims are not available once we individualize. – Matt Wise Feb 19 '21 at 17:24