We are migrating to Azure AD B2C, and we have some IdP-initiated SSO flows with federated third parties that we need to send SAML tokens to. There are some SAML attributes where we get the value from a B2C API connector to augment the token.
From what I have read, B2C will prefix these SAML attributes on the token with extension_.
We're already doing SSO with several third parties, and they all have a standardized set of attribute names that they accept on the token. So, it will be extra work for them if they need to code a special case for us where we send the SAML attributes with an extension_ prefix.
Is it possible to add those extension attributes to the SAML token without the extension_ prefix?
B2C does not automatically make extension attributes; you have to define them.
In terms of SAML claims, you have this option:
    <!-- ClaimsSchema entry: DefaultPartnerClaimTypes sets the name used on the wire per protocol -->
    <ClaimType Id="groups">
      <DisplayName>Groups</DisplayName>
      <DataType>string</DataType>
      <DefaultPartnerClaimTypes>
        <Protocol Name="SAML2" PartnerClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"/>
        <Protocol Name="OpenIdConnect" PartnerClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"/>
      </DefaultPartnerClaimTypes>
    </ClaimType>
or you can do this in the RP:
    <!-- Relying-party override: the claim is emitted as "companyname" instead of "extension_companyname" -->
    <OutputClaim ClaimTypeReferenceId="extension_companyname" PartnerClaimType="companyname"/>
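To show where both options sit in a custom policy, here is an added example (not from the answer above, and not Microsoft's sample code) that applies the same two mechanisms to the extension_companyname claim: the claim definition with a SAML2 default partner name, and a SAML2 relying-party technical profile that overrides it per partner. The issuer URI, key container names and user journey id are placeholders.

```xml
<!-- 1. Claim definition (BuildingBlocks/ClaimsSchema in the extensions policy).
     The extension attribute must be declared before a technical profile can emit it. -->
<ClaimType Id="extension_companyname">
  <DisplayName>Company name</DisplayName>
  <DataType>string</DataType>
  <!-- Option A: default wire name for every SAML2 relying party in the tenant -->
  <DefaultPartnerClaimTypes>
    <Protocol Name="SAML2" PartnerClaimType="companyname"/>
  </DefaultPartnerClaimTypes>
</ClaimType>

<!-- 2. Relying-party policy: SAML2 token issuer for one federated partner. -->
<RelyingParty>
  <!-- Placeholder: the user journey that runs the API connector / REST call -->
  <DefaultUserJourney ReferenceId="SignUpOrSignIn"/>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2"/>
    <Metadata>
      <!-- Placeholder issuer; use the value your partner's SP metadata expects -->
      <Item Key="IssuerUri">https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin_saml</Item>
    </Metadata>
    <CryptographicKeys>
      <!-- Placeholder policy-key container holding the signing certificate -->
      <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
      <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
    </CryptographicKeys>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName"/>
      <!-- Option B: per-partner override. PartnerClaimType here wins over
           DefaultPartnerClaimTypes, so the assertion carries "companyname". -->
      <OutputClaim ClaimTypeReferenceId="extension_companyname" PartnerClaimType="companyname"/>
    </OutputClaims>
    <SubjectNamingInfo ClaimType="objectId" ExcludeAsClaim="true"/>
  </TechnicalProfile>
</RelyingParty>
```

After deploying, confirm the mapping by inspecting the Attribute elements in the AttributeStatement of an issued assertion: no attribute name should still begin with extension_.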