Commit 8d6a375

Merge pull request #1785 from Jackson-Woods/patch-3
Document maximum regex based claims transforms and related errors
2 parents eaedcb2 + 0fd4bfd commit 8d6a375

3 files changed

+7
-1
lines changed

docs/identity-platform/jwt-claims-customization.md

Lines changed: 2 additions & 0 deletions
@@ -91,6 +91,8 @@ If you need other transformations, submit your idea in the [feedback forum in Mi
9191

9292
## Regex-based claims transformation
9393

94+
You can use regular expressions to transform claims. A maximum of 20 total regex replacements can be made when using regex-based claims transformations.
95+
9496
The following image shows an example of the first level of transformation:
9597

9698
:::image type="content" source="./media/jwt-claims-customization/regexreplace-transform1.png" alt-text="Screenshot of the first level of transformation.":::
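
Review bot: The added sentence at new line 94 says "A maximum of 20 total regex replacements" without saying what the total is counted over: a single claim, a single transformation, the whole claims policy of the application, or one issued token. An admin sizing a configuration needs that scope, so state it explicitly, for example "per claim" or "across all claims configured for the application", whichever the service actually enforces.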

docs/identity-platform/reference-error-codes.md

Lines changed: 2 additions & 0 deletions
@@ -206,6 +206,8 @@ The `error` field has several possible values - review the protocol documentatio
206206
| AADSTS50161 | Failed to validate authorization url of external claims provider. |
207207
| AADSTS50162 | Claims transformation has timed out. This indicates too many or too complex transformations may have been configured for this application. A retry of the request may succeed. Otherwise, please contact your admin to fix the configuration. |
208208
| AADSTS50163 | Regular expression replacement for claims transformation has resulted in a claim which exceeds the size limit. Please contact your admin to fix the configuration.|
209+
| AADSTS501631 | Regular expression replacement for claims transformation results in too many replacements in the input sourceClaim. Please contact your admin to fix the configuration. |
210+
| AADSTS501632 | Regular expression replacement for claims transformation has too many substitution parameters in the replacement input parameter. Please contact your admin to fix the configuration. |
209211
| AADSTS50164 | The supplied access token was not issued for the purpose for which it is being used. Expected a token with purpose '{name}'. |
210212
| AADSTS50165 | The token encrypting algorithm '{algorithm}' requested by the application isn't supported for this type of token. This indicates the application is misconfigured. |
211213
| AADSTS50166 | Request to External OIDC endpoint failed. |
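
Review bot: The new AADSTS501631 and AADSTS501632 rows say "too many replacements" and "too many substitution parameters" but give no threshold, so an admin who hits either error cannot tell what to change. If AADSTS501631 is the error raised for the 20-replacement limit that this commit documents in the claims customization pages, say so in the row or link to that section, and state the limit that applies to substitution parameters in the AADSTS501632 row. Minor: `sourceClaim` reads as an identifier and should be in code formatting.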

docs/identity-platform/saml-claims-customization.md

Lines changed: 3 additions & 1 deletion
@@ -155,6 +155,8 @@ You can use the following functions to transform claims.
155155

156156
## Regex-based claims transformation
157157

158+
You can use regular expressions to transform claims. A maximum of 20 total regex replacements can be made when using regex-based claims transformations.
159+
158160
The following image shows an example of the first level of transformation:
159161

160162
:::image type="content" source="./media/saml-claims-customization/regexreplace-transform1.png" alt-text="Screenshot of the first level of transformation.":::
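
Review bot: The sentence added at new line 158 is a verbatim copy of the one added to jwt-claims-customization.md, and neither copy says what the user or admin sees when the limit is exceeded. Add a pointer to the matching entry in reference-error-codes.md so the limit and the resulting sign-in error are connected, and consider moving the shared wording into one include so the two pages cannot drift if the number changes.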
@@ -170,7 +172,7 @@ The actions listed in the following table provide information about the first le
170172
| `5` | `Add additional parameter` | More than one user attribute can be used for the transformation. The values of the attributes would then be merged with regex transformation output. Up to five more parameters are supported. |
171173
| `6` | `Replacement pattern` | The replacement pattern is the text template, which contains placeholders for regex outcome. All group names must be wrapped inside the curly braces such as `{group-name}`. Let's say the administration wants to use user alias with some other domain name, for example `xyz.com` and merge country name with it. In this case, the replacement pattern would be `{country}.{domain}@xyz.com`, where `{country}` is the value of input parameter and `{domain}` is the group output from the regular expression evaluation. In such a case, the expected outcome is `[email protected]`. |
172174

173-
The following image shows an example of the second level of transformation:
175+
The following image shows an example of the second level of transformation:
174176

175177
:::image type="content" source="./media/saml-claims-customization/regexreplace-transform2.png" alt-text="Screenshot of second level of claims transformation.":::
176178
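
Review bot: The removed line 173 and the added line 175 read identically ("The following image shows an example of the second level of transformation:"), so this looks like a whitespace-only change unrelated to documenting the regex limits. Confirm it is an intended trailing-whitespace cleanup, otherwise drop it from the PR to keep the diff limited to the documented change.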
