I'm trying to connect the edit profile custom policy given in the starter pack with the send grid file extension, I'm reading this
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-custom-policy
but it is confusing to me. I appreciate some explanation,thanks
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack
https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid
Related
I'm looking into implementing the add password change policy for my SPA. It all seems straight-forward, but I would like to trigger the password change popup from my React code which is using the msal-browser library. In the mentioned tutorial, in the Run the policy section, there is no indication on how to trigger this from the application. Any ideas?
You can configure the authentication in react SPA by using Azure AD B2C policy as mentioned here.
In this sample, you can configure the password change policy in similar way as profile edit.
I have tried following this guide for setting up custom policies: Tutorial: Create user flows and custom policies in Azure Active Directory B2C.
But with the LocalAccounts only sample files. When running the custom policies it fails with a very generic error message.
Sorry, but we're having trouble signing you in.
We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.
What I would really love is either:
A guide for setting up LocalAccount custom policies with SendGrid integration or
A SendGrid integration for the UserFlows (kept simple, supply API key and template ids)
You should enable application insights logging to better understand what's going on: https://learn.microsoft.com/en-us/azure/active-directory-b2c/troubleshoot-with-application-insights?pivots=b2c-custom-policy
About SendGrid, there is a tutorial for it: https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-custom-policy. You can't use SendGrid with USer Flows but only with Custom Policies.
In the pre-requisites of that doc, you can use my IEF Setup Tool, which autoamtes the article. If you select the "Remove facebook" option, you will deploy the Local+Social+MFA starter pack with the LocalAccount journey. This keeps all dependancies available if you change your mind later on.
Then you can test the policy from the Azure Portal:
Create an app registration with https://jwt.ms as the reply url and implict flow enabled.
Test the policy.
Custom email providers doesnt work for User Flows, you require Custom Policies.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-custom-policy
I am trying to implement the passwordless configuration as per the following custom policy:
https://github.com/azure-ad-b2c/samples/tree/master/policies/passwordless-email
I get the following error message when uploading the xml file:
B2C_1A_TrustFrameworkExtensions_passwordless" of tenant "xxxxx.onmicrosoft.com" makes a reference to TechnicalProfile with id "LocalAccountDiscoveryUsingEmailAddress" but neither the policy nor any of its base policies contain such an element.Policy
Can anyone help please?
You have not deployed the Azure AD B2C starter pack.
Follow the pre requisites
https://github.com/azure-ad-b2c/samples#prerequisites
The past few days I have spent following this guide to setting up Azure B2C as an IDP in a SAML authentication flow - https://learn.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers
It was very helpful in getting me familiar with custom policies and I was able to get it working with the Microsoft Sample App as the Service Provider, but now I am struggling to figure out how to adapt what works with the Sample App to work with any real service providers that I am attempting.
Specifically, I would like to first setup Salesforce as our service provider, but am running into a wall that I am finding difficult to troubleshoot.
So far, I have created a single sign on setting in Salesforce and loaded it with the information from the metadata provided by the Azure custom policy, as well as updating the manifest for our SAML application to make the identifierUris point to the entity ID provided by the Single Sign On setting in Salesforce. The loaded data should be attempting to use the same custom policy that I was using to log in using the Sample Application and I have added the appropriate auth option to the Salesforce login page.
Now when I attempt to login through the SSO button that is on my Saleforce login page that ties to this setting, I am met with this error that I am unable to login with SSO before I am even able to enter my any credentials or met with a login screen: error
Given the somewhat vague nature of the error and the lack of logging or other tools to troubleshoot, I am sort of unsure what I might still be missing to get this working correctly or where I can even find this information. I suspect one thing that I might need still is to point the SAML app in B2C at a metadata url from Salesforce, but I have been unable to track down where I might find the metadata that Salesforce is expecting to provide it. It seems likely to me that the problem is on the Azure side of things since I am not even able to get the point where I can enter my credentials for Salesforce to reject the SAML response, and since the single sign on settings were loaded directly from the custom policy meta data XML, but I can't say for sure either way which is in part why I am not sure what to try next.
We have also looked into setting it up as an OpenID Connect SSO, but would prefer to get SAML working if possible as we are also planning to connect our B2C AD with several other applications that will require we use SAML.
Curious if anyone else has run into similar issues and was able to resolve it or if there are any ways to troubleshoot this that I might be overlooking.
Update
Using the SAML tool recommended I was able to find that the error I was hitting is as follows:
Application registered corresponding to IssuerUri "--EntityID--" in AuthRequest does not have assertion consumer service URL "--EntityId--" specified in its metadata.
According to a forum post on the SF help forums, the login URL of the Single Sign on Settings created in Salesforce should be the URL to use. However, when I attempted to add this URL to the replyUrlsWithType attribute in the manifest of the Azure app, I got an error on saving that a property has an invalid value.
Today, I integrated Salesforce as Service Provide against B2C as Idp. I did not try creating the app registration but instead I downloaded the Salesforce metadata and used it inside of my B2C policy like the code below.
Basically is the same but instead of save the Salesforce metadata(Login/Logout URIs) by registering a new application in B2C, I saved it in a XML file and pointed my B2C policy to use that metada.
<Metadata>
<Item Key="PartnerEntity">{Settings:B2C_SAML_PARTNER_ENTITY_SFE}</Item>
</Metadata>
Trying to implement following scenario: implement Azure B2c and azure AD as one of identity providers. Only way to achieve it is using custom policies. I followed those tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom#prerequisites
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom#create-an-azure-ad-b2c-application
The problem is when i trying to upload TrustFrameworkExtensions.xml got info that my tenant
makes a reference to ClaimType with id "issuerUserId" but neither the
policy nor any of its base policies contain such an element.
Found similar issue here
https://github.com/MicrosoftDocs/azure-docs/issues/27602
and replace issuerUserId by socialIdpUserId. It seems to be solved but during upload another issue came up:
makes a reference to ClaimsTransformation with id
"CreateRandomUPNUserName" but neither the policy nor any of its base
policies contain such an element.
Got claims provider configuration from the tutorial and now i dont really have any idea how to fix it.
Thanks in advance for any help.
EDIT
Based on #CHris solution i make those files correct (no errors during uploading)
but there is still some problems with parsing returning token. Has anyone made example from the second link up and running (Azure ad b2c and many azure ad injected in multitentant azure ad).