mfcollins3 · January 16, 2022 04:48
diff --git a/aad-userwriteusinglogonemail.xml b/aad-userwriteusinglogonemail.xml
 <TechnicalProfile Id="AAD-Common">
  <DisplayName>Azure Active Directory</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.AzureActiveDirectoryProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />

  <CryptographicKeys>
    <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
  </CryptographicKeys>

  <!-- We need this here to suppress the SelfAsserted provider from invoking SSO on validation profiles. -->
  <IncludeInSso>false</IncludeInSso>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
 </TechnicalProfile>

 <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
  <Metadata>
    <Item Key="Operation">Write</Item>
    <Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
  </InputClaims>
  <PersistedClaims>
    <!-- Required claims -->
    <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
    <PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />
    <PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
    <PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />

    <!-- Optional claims. -->
    <PersistedClaim ClaimTypeReferenceId="givenName" />
    <PersistedClaim ClaimTypeReferenceId="surname" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
  </OutputClaims>
  <IncludeTechnicalProfile ReferenceId="AAD-Common" />
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
 </TechnicalProfile>
	<TechnicalProfile Id="AAD-Common">
	<DisplayName>Azure Active Directory</DisplayName>
	<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.AzureActiveDirectoryProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />

	<CryptographicKeys>
	<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
	</CryptographicKeys>

	<!-- We need this here to suppress the SelfAsserted provider from invoking SSO on validation profiles. -->
	<IncludeInSso>false</IncludeInSso>
	<UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
	</TechnicalProfile>

	<TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
	<Metadata>
	<Item Key="Operation">Write</Item>
	<Item Key="RaiseErrorIfClaimsPrincipalAlreadyExists">true</Item>
	</Metadata>
	<IncludeInSso>false</IncludeInSso>
	<InputClaims>
	<InputClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" Required="true" />
	</InputClaims>
	<PersistedClaims>
	<!-- Required claims -->
	<PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress" />
	<PersistedClaim ClaimTypeReferenceId="newPassword" PartnerClaimType="password" />
	<PersistedClaim ClaimTypeReferenceId="displayName" DefaultValue="unknown" />
	<PersistedClaim ClaimTypeReferenceId="passwordPolicies" DefaultValue="DisablePasswordExpiration" />

	<!-- Optional claims. -->
	<PersistedClaim ClaimTypeReferenceId="givenName" />
	<PersistedClaim ClaimTypeReferenceId="surname" />
	</PersistedClaims>
	<OutputClaims>
	<OutputClaim ClaimTypeReferenceId="objectId" />
	<OutputClaim ClaimTypeReferenceId="newUser" PartnerClaimType="newClaimsPrincipalCreated" />
	<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
	<OutputClaim ClaimTypeReferenceId="userPrincipalName" />
	<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" />
	</OutputClaims>
	<IncludeTechnicalProfile ReferenceId="AAD-Common" />
	<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
	</TechnicalProfile>