Salesforce Azure AD automatic provisioning - azure

I am trying automatic provisioning from Azure Active Directory to Salesforce. Single sign-on is working for Salesforce, but automatic provisioning is giving an error. In Salesforce I chose JIT provisioning with a SAML JIT Handler, but provisioning is giving the following error:
ErrorCode: INVALID_OR_NULL_FOR_RESTRICTED_PICKLIST ErrorMessage: Locale: bad value for restricted picklist field: en
I tried System.debug in the Handler, but it seems that this code is not being executed. Nothing in the logs.

You are trying to fill LocaleSidKey with 'en', but that is not a valid choice. 'en_us' would be a valid choice.

Related

Not able to update identifierUris in Azure AD application's manifest file

I'm trying to follow this documentation https://learn.microsoft.com/en-us/windows/uwp/monetize/view-and-grant-products-from-a-service#step-1 on "Manage product entitlements from a service"
I created a new application in Azure AD (single-tenant application) and I reached the point where I need to set "identifierUris" in the manifest file with the following content:
"identifierUris" : [
"https://onestore.microsoft.com",
"https://onestore.microsoft.com/b2b/keys/create/collections",
"https://onestore.microsoft.com/b2b/keys/create/purchase"
],
Whenever I do that, I get this error message:
Failed to update XXX application. Error detail: Application alias 'url' value is invalid. [Ja+Ze]
Any idea why I'm getting this error message? I tried to change some application settings but no luck so far.
Assuming onestore.microsoft.com is a sample custom tenant, you might try with {yourtenantname}.onmicrosoft.com.

Invalid resource error after following the azure AD angularJS to dotnet web api guide (description:AADSTS500011)

I have been following after this guide step by step:
https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi
The only thing that I didn't do (not sure if it's related) is the following line:
"Also in the ToGoAPI project, open the file Controllers/ToGoListController.cs. In the [EnableCors...] attribute, enter the location of the To Do SPA client. By default it is https://localhost:44326. Make sure to omit the trailing slash."
The reason I didn't do it is simply because I can't find any [EnableCors...] in the code. I did try to enable CORS in a different way though, following this:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors
Anyway, I get the following error:
"Error :invalid_resource
adal.js:973 Error description:AADSTS500011: The resource principal named https://yorecisraportsco.onmicrosoft.com/ToGoAPI was not found in the tenant named yorecisraportsco.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 64213edc-4b12-4caa-aa4e-b9ec82bd3000
Correlation ID: 607d25c1-d915-46eb-ba48-67adb70ddab8
Timestamp: 2019-03-04 12:41:33Z"
I am not sure why this is happening, as I followed the guide: configured everything in Azure like it said and also configured it in the code.

Azure B2C with Salesforce, missing "objectId"

I'm testing Azure B2C with Salesforce as IdP, and the login process works fine from the Salesforce perspective (the Salesforce Identity Provider Event Log shows "success" for sign-on attempts), but redirection back to my simple testing web application ends up at an error page such as
/redirect.html#error=server_error&error_description=AADB2C90037%3a+An+error+occurred+while+processing+the+request.+Please+contact+administrator+of+the+site+you+are+trying+to+access.%0d%0aCorrelation+ID%3a+f0292157-ffad-472d-8119-3cd05518654c%0d%0aTimestamp%3a+2018-02-13+15%3a01%3a54Z%0d%0a
Looking at Application Insights, I see error:
A claim could not be found for lookup claim with id "objectId" defined in
technical profile with id "AAD-UserReadUsingObjectId" policy
"B2C_1A_SignUpOrSignInUsingSalesforce" of tenant "xyz.onmicrosoft.com".
I've followed the tutorial here and double-checked lots of things, but I'm not sure if this issue is due to an invalid UserJourney or ClaimsProvider/TechnicalProfile. Or is it just that I'm missing the respective user in Azure B2C that I have in Salesforce?
At least I don't see 'objectId' incoming in the saml:Assertion:
<saml:Assertion xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="_b0b0193ce1e861e13ec39f9a991cb3501518533690616" Version="2.0" IssueInstant="2018-02-13T14:54:50.616Z" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://XYZ.my.salesforce.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">jussi.palo#XYZ.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2018-02-13T14:59:50.616Z" Recipient="https://login.microsoftonline.com/te/XYZauthdev.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer" InResponseTo="_50a752dd-244c-4447-9ac9-6338e8bb692e" />
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2018-02-13T14:54:20.616Z" NotOnOrAfter="2018-02-13T14:59:50.616Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://login.microsoftonline.com/te/XYZauthdev.onmicrosoft.com/B2C_1A_TrustFrameworkBase</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2018-02-13T14:54:50.616Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:anyType">0050N0000060rpy</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:anyType">jussi.palo#XYZ.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:anyType">jussi.palo#XYZ.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="is_portal_user" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:anyType">false</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
For some reason, the User Journey Player isn't showing anything, so I've thus far been stuck with Application Insights.
Looks like it was confusion about which Starter Pack policy files should be used with the Salesforce instructions. It turned out that using the "SocialAndLocalAccounts" policy files as a basis did the trick, so my UserJourney was not right at first.
I will leave the question here for anyone else running into similar error messages.
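As an added diagnostic for the situation above (this is not code from the post), the script below lists the attributes a SAML assertion actually carries, reports which expected claim names are absent, and checks the audience, which is the quickest way to confirm what the IdP sent before digging into the policy. The assertion is a constructed sample modelled on the one quoted, with placeholder identifiers and addresses.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion modelled on the one in the post: unsigned,
# placeholder ID and addresses, and the same four attributes Salesforce sent.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_placeholder" Version="2.0" IssueInstant="2018-02-13T14:54:50.616Z">
  <saml:Issuer>https://XYZ.my.salesforce.com</saml:Issuer>
  <saml:Conditions NotBefore="2018-02-13T14:54:20.616Z" NotOnOrAfter="2018-02-13T14:59:50.616Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://login.microsoftonline.com/te/XYZauthdev.onmicrosoft.com/B2C_1A_TrustFrameworkBase</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId"><saml:AttributeValue>0050N0000060rpy</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="is_portal_user"><saml:AttributeValue>false</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def assertion_attributes(xml_text: str) -> dict:
    """Map each saml:Attribute Name to its list of AttributeValue strings."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def missing_claims(xml_text: str, required: list) -> list:
    """Names in `required` that the assertion does not carry at all."""
    present = assertion_attributes(xml_text)
    return [name for name in required if name not in present]


def audience_matches(xml_text: str, expected: str) -> bool:
    """True if the expected relying-party audience is listed in the Conditions."""
    root = ET.fromstring(xml_text)
    return expected in [a.text for a in root.findall(".//saml:Audience", NS)]


if __name__ == "__main__":
    print(sorted(assertion_attributes(SAMPLE_ASSERTION)))
    print(missing_claims(SAMPLE_ASSERTION, ["email", "objectId"]))
```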

Error Calling the Graph API: Request_DataContractVersionMissing

I'm trying to make a POST request to the Azure AD Graph API to create a user in my AD B2C tenant, but I'm getting the following error:
"Error Calling the Graph API:
{
"odata.error": {"code": "Request_DataContractVersionMissing",
"message": {"lang": "en",
"value": "The specified api-version is invalid. The value must exactly match a supported version"}
}
I do send the version, and based on the docs it is supported.
Version 1.6
This section lists the changes for Graph API version 1.6.
Graph API version 1.6 introduces the following feature changes:
Added support for Azure Active Directory B2C local account users. This involves new properties on the User entity and a new complex type
SignInName to support local account sign-in to Azure Active Directory
B2C tenants. For more information about Azure Active Directory B2C,
see the Azure Active Directory B2C documentation.
[Edit]
Submitted JSON:
{
  "accountEnabled": true,
  "signInNames": [{"type": "userName", "value": "ausername"}],
  "creationType": "LocalAccount",
  "displayName": "A display name",
  "passwordProfile": {"password": "a password", "forceChangePasswordNextLogin": true},
  "passwordPolicies": "policies",
  "country": "MX",
  "givenName": "Fstname",
  "surname": "Lstname",
  "department": "Dpt",
  "jobTitle": "Title",
  "mail": "mail#server.com",
  "otherMails": [],
  "preferredLanguage": "es-MX"
}
Any clue on why I'm getting the error?
There is something wrong with the api-version query parameter: Request_DataContractVersionMissing
Data contract version parameter is missing. Include api-version as a query parameter with all your requests.
Doesn't Work
https://graph.windows.net/ebenefitsdev.onmicrosoft.com/users?api‑version=1.6
I get Request_DataContractVersionMissing error when submitting that.
Does Work
https://graph.windows.net/ebenefitsdev.onmicrosoft.com/users?api-version=1.6
The difference is the hyphen character. One is the 'normal' one I typed on my keyboard. The other is from here.
I suspect it is a copy paste problem (I've experienced these in the past).
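To make the hyphen problem from the answer above checkable, here is an added Python check (not from the answer) that flags non-ASCII hyphen lookalikes in query parameter names, confirms whether the exact key api-version is present, and normalizes the URL. The sample URL reuses the host from the answer with a U+2011 NON-BREAKING HYPHEN inserted as a constructed example of what a copy-paste can silently introduce.

```python
import unicodedata
from urllib.parse import parse_qsl, urlsplit

# Characters that render like a hyphen but are not ASCII U+002D.
# A parameter name containing one of these is a different key to the server.
HYPHEN_LOOKALIKES = frozenset("\u2010\u2011\u2012\u2013\u2014\u2212\u00ad")


def query_keys(url: str) -> list:
    """Return the query-string parameter names of a URL, unquoted."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def find_lookalike_hyphens(url: str) -> list:
    """Return (parameter_name, offending_char, unicode_name) for every
    hyphen lookalike found in a query parameter name."""
    findings = []
    for key in query_keys(url):
        for ch in key:
            if ch in HYPHEN_LOOKALIKES:
                findings.append((key, ch, unicodedata.name(ch, "UNKNOWN")))
    return findings


def has_api_version(url: str) -> bool:
    """True only if the request carries the exact ASCII key 'api-version'."""
    return "api-version" in query_keys(url)


def normalize_hyphens(url: str) -> str:
    """Replace every lookalike with the ASCII hyphen so the key matches."""
    return "".join("-" if ch in HYPHEN_LOOKALIKES else ch for ch in url)


if __name__ == "__main__":
    # Constructed sample: the 'bad' URL carries U+2011 instead of '-'.
    bad = "https://graph.windows.net/ebenefitsdev.onmicrosoft.com/users?api\u2011version=1.6"
    print(has_api_version(bad), find_lookalike_hyphens(bad))
    print(has_api_version(normalize_hyphens(bad)))
```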
I see one problem: signInNames not signInName
Documentation for user entity
For future readers, I ran into this issue with 2.0 of graph.windows.net, but it was not the hyphen. It seems this error is also shown if the client ID you used to get a resource token for graph.windows.net is not correct.

B2C internal error on SignUp

I'm trying to set up an Azure AD B2C account in an MVC 5 app. But after following all the tutorials in the Azure docs I'm getting a strange error; maybe it is a wrong configuration or something related, but I followed the guides step by step and still get the error.
When I run my SignUp policy and enter all required claims (currently only EmailAddress, GivenName and SurName), then click on Create, I get an AuthenticationFailed notification in my website with the following exception:
AADB2C90063: The B2C service has an internal error.
Correlation ID: 859eabf9-9e21-44af-9219-1857e38e9ab2
Timestamp: 2016-06-14 03:37:06Z
If I create the user in the directory manually via the Azure Management Portal (http://manage.windowsazure.com/), I can log in to the app and list all claims, but I can't sign up because I always get the above error.