I am trying to implement the passwordless configuration as per the following custom policy:
https://github.com/azure-ad-b2c/samples/tree/master/policies/passwordless-email
I get the following error message when uploading the xml file:
Policy "B2C_1A_TrustFrameworkExtensions_passwordless" of tenant "xxxxx.onmicrosoft.com" makes a reference to TechnicalProfile with id "LocalAccountDiscoveryUsingEmailAddress" but neither the policy nor any of its base policies contain such an element.
Can anyone help please?
You have not deployed the Azure AD B2C starter pack.
Follow the prerequisites:
https://github.com/azure-ad-b2c/samples#prerequisites
I'm trying to connect the edit profile custom policy given in the starter pack with the SendGrid extension file; I'm reading this
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-custom-policy
but it is confusing to me. I would appreciate some explanation, thanks.
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack
https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid
I want to implement custom policy in the Identity Experience Framework to authenticate Azure AD users. I have successfully uploaded the XML files for local and Azure AD users.
When I run the sample application and try to log in using the Azure AD account, I get the following error.
Error message:
AADB2C90240: The provided id_token is malformed and could not be parsed. Please provide another token and try again
So, can someone help to solve this? Thanks in advance.
The error usually occurs if there is an issue with the ID token, as mentioned in this MS Doc.
I agree with Markus Meyer; to resolve the error, try generating the token with symmetric keys.
Create a shared key and add it to Azure AD B2C as the signing key, like below:
Go to Azure Portal -> Azure AD B2C -> Policies -> Identity Experience Framework -> Policy Keys -> Manual
Use IdTokenHintKey for Name and enter the signing key in the Secret box.
Use Encryption for Key usage and create it.
Create a technical profile which validates the token.
Create a policy
To know how to do it in detail, please refer to the link below:
Define an ID token hint technical profile in a custom policy - Azure AD B2C | Microsoft Docs
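To make the id_token_hint steps above concrete, here is an added example (it is not part of the answer and not the Microsoft sample) that mints an HS256 JWT with the same shared secret you store in the IdTokenHintKey policy key and then verifies it locally with the checks the technical profile performs against its issuer and IdTokenAudience metadata. It uses only the Python standard library; the secret, issuer, audience and claim names are constructed placeholders, and it assumes B2C uses the UTF-8 bytes of the secret string as the HMAC key. Verifying the token yourself before handing it to B2C is the quickest way to rule out a malformed or mis-signed token on your side before you start looking at the policy.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenError(ValueError):
    """Raised when an id_token_hint is malformed or fails a check."""


def b64url(data: bytes) -> str:
    """JWT base64url: URL-safe alphabet, no padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; re-adds padding so the stdlib decoder accepts it."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token_hint(secret, issuer, audience, claims, lifetime=600, now=None):
    """Build an HS256-signed JWT to pass to B2C as id_token_hint.

    `secret` is the value stored in the B2C policy key (assumed here to be used
    as its raw UTF-8 bytes); `issuer` and `audience` must equal the technical
    profile's `issuer` and `IdTokenAudience` metadata items.
    """
    now = int(time.time()) if now is None else now
    key = secret.encode() if isinstance(secret, str) else secret
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": issuer, "aud": audience, "iat": now, "nbf": now, "exp": now + lifetime, **claims}
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_id_token_hint(token, secret, issuer, audience, now=None):
    """Check a token the way the B2C technical profile will, before sending it.

    Order matters: structure, then algorithm, then signature, then claims, so an
    attacker-controlled payload is never acted on before its MAC is verified.
    """
    now = int(time.time()) if now is None else now
    key = secret.encode() if isinstance(secret, str) else secret
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed: a JWS compact token has exactly three segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError as exc:  # binascii.Error, JSON and UTF-8 errors are all ValueErrors
        raise TokenError(f"malformed: {exc}") from None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise TokenError("malformed: header and payload must be JSON objects")
    if header.get("alg") != "HS256":  # never accept "none" or an alg you did not configure
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("signature does not verify with the shared key")
    if payload.get("iss") != issuer:
        raise TokenError(f"issuer {payload.get('iss')!r} is not {issuer!r}")
    if payload.get("aud") != audience:
        raise TokenError(f"audience {payload.get('aud')!r} is not {audience!r}")
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        raise TokenError("token is expired or has no exp")
    if payload.get("nbf", 0) > now:
        raise TokenError("token is not yet valid")
    return payload


def rejection_reason(token, secret, issuer, audience, now=None):
    """None if the token passes verify_id_token_hint, otherwise the reason it fails."""
    try:
        verify_id_token_hint(token, secret, issuer, audience, now)
    except TokenError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed values: the secret is what you paste into the policy key, the
    # audience is your application's client id, the issuer matches the metadata.
    secret = "constructed-shared-secret-replace-me"
    iss, aud = "https://app.contoso.com", "00000000-0000-0000-0000-000000000001"
    token = mint_id_token_hint(secret, iss, aud, {"email": "alice@contoso.com"})
    print(token)
    print(verify_id_token_hint(token, iss and secret, iss, aud))
```

Keep the lifetime short (minutes, not hours): the hint is a bearer assertion about the user, and anyone who obtains it can start the journey as that user until it expires.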
Trying to implement the following scenario: Azure AD B2C with Azure AD as one of the identity providers. The only way to achieve it is using custom policies. I followed these tutorials:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom#prerequisites
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom#create-an-azure-ad-b2c-application
The problem is that when I try to upload TrustFrameworkExtensions.xml I get the message that my tenant
makes a reference to ClaimType with id "issuerUserId" but neither the
policy nor any of its base policies contain such an element.
Found similar issue here
https://github.com/MicrosoftDocs/azure-docs/issues/27602
and replaced issuerUserId with socialIdpUserId. It seemed to be solved, but during upload another issue came up:
makes a reference to ClaimsTransformation with id
"CreateRandomUPNUserName" but neither the policy nor any of its base
policies contain such an element.
I got the claims provider configuration from the tutorial and now I don't really have any idea how to fix it.
Thanks in advance for any help.
EDIT
Based on Chris's solution I made those files correct (no errors during uploading),
but there are still some problems with parsing the returned token. Has anyone got the example from the second link up and running (Azure AD B2C with many Azure ADs injected into a multi-tenant Azure AD)?
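The upload errors in this question (issuerUserId, CreateRandomUPNUserName) and in the first question on this page (LocalAccountDiscoveryUsingEmailAddress) all come from one rule: every Id a policy references must be defined either in that file or in one of the files it names through BasePolicy. The script below is an added example, not code from any of the posts or from the Microsoft samples. It walks the BasePolicy chain of a set of policy files with Python's standard library and lists the dangling references before you upload anything. The two policy documents embedded in it are constructed to reproduce the two errors quoted above; the element and attribute names it inspects (ClaimTypeReferenceId, ReferenceId on claims transformations and validation/include technical profiles, TechnicalProfileReferenceId on ClaimsExchange) are taken from the TrustFrameworkPolicy schema, and it does not cover every reference kind the B2C uploader validates.

```python
import sys
import xml.etree.ElementTree as ET

# Namespace of every Azure AD B2C TrustFrameworkPolicy document.
NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Where each kind of identifier is declared (the element's Id attribute) ...
DEFINITIONS = {
    "ClaimType": ".//b2c:ClaimsSchema/b2c:ClaimType",
    "ClaimsTransformation": ".//b2c:ClaimsTransformations/b2c:ClaimsTransformation",
    "TechnicalProfile": ".//b2c:TechnicalProfiles/b2c:TechnicalProfile",
}
# ... and the (element path, attribute) pairs that refer to one.
REFERENCES = {
    "ClaimType": [(".//*[@ClaimTypeReferenceId]", "ClaimTypeReferenceId")],
    "ClaimsTransformation": [(".//b2c:InputClaimsTransformation", "ReferenceId"),
                             (".//b2c:OutputClaimsTransformation", "ReferenceId")],
    "TechnicalProfile": [(".//b2c:ValidationTechnicalProfile", "ReferenceId"),
                         (".//b2c:IncludeTechnicalProfile", "ReferenceId"),
                         (".//b2c:ClaimsExchange", "TechnicalProfileReferenceId")],
}


def policy_chain(policies, leaf_id):
    """Parse the leaf and follow <BasePolicy> links down to the base policy.
    `policies` maps PolicyId -> XML text for every file you intend to upload."""
    chain, seen, current = [], set(), leaf_id
    while current is not None:
        if current in seen or current not in policies:
            raise ValueError(f"base policy {current} is missing from the set or forms a cycle")
        seen.add(current)
        root = ET.fromstring(policies[current])
        chain.append(root)
        base = root.find("b2c:BasePolicy/b2c:PolicyId", NS)
        current = base.text.strip() if base is not None and base.text else None
    return chain


def find_dangling_references(policies, leaf_id):
    """Sorted (policy_id, kind, id) for every reference the whole chain never defines."""
    chain = policy_chain(policies, leaf_id)
    problems = set()
    for kind, def_path in DEFINITIONS.items():
        defined = {el.get("Id") for root in chain for el in root.findall(def_path, NS)}
        for path, attr in REFERENCES[kind]:
            for root in chain:
                for el in root.findall(path, NS):
                    if el.get(attr) not in defined:
                        problems.add((root.get("PolicyId"), kind, el.get(attr)))
    return sorted(problems)


def report(policies, leaf_id):
    """Render each problem in the wording the upload error itself uses."""
    tenant = ET.fromstring(policies[leaf_id]).get("TenantId")
    return [f'Policy "{pid}" of tenant "{tenant}" makes a reference to {kind} with id "{ref}" '
            "but neither the policy nor any of its base policies contain such an element."
            for pid, kind, ref in find_dangling_references(policies, leaf_id)]


# Constructed two-file chain reproducing the errors from the post (not a real upload set).
SAMPLE_BASE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    TenantId="contoso.onmicrosoft.com" PolicyId="B2C_1A_TrustFrameworkBase">
  <BuildingBlocks>
    <ClaimsSchema>
      <ClaimType Id="socialIdpUserId"><DataType>string</DataType></ClaimType>
      <ClaimType Id="email"><DataType>string</DataType></ClaimType>
    </ClaimsSchema>
    <ClaimsTransformations>
      <ClaimsTransformation Id="CreateAlternativeSecurityId" TransformationMethod="CreateAlternativeSecurityId">
        <InputClaims><InputClaim ClaimTypeReferenceId="socialIdpUserId" TransformationClaimType="key" /></InputClaims>
      </ClaimsTransformation>
    </ClaimsTransformations>
  </BuildingBlocks>
</TrustFrameworkPolicy>"""

SAMPLE_EXT = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    TenantId="contoso.onmicrosoft.com" PolicyId="B2C_1A_TrustFrameworkExtensions">
  <BasePolicy><TenantId>contoso.onmicrosoft.com</TenantId><PolicyId>B2C_1A_TrustFrameworkBase</PolicyId></BasePolicy>
  <ClaimsProviders><ClaimsProvider><DisplayName>Common AAD</DisplayName><TechnicalProfiles>
    <TechnicalProfile Id="Common-AAD">
      <Protocol Name="OpenIdConnect" />
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="preferred_username" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

SAMPLE_POLICIES = {"B2C_1A_TrustFrameworkBase": SAMPLE_BASE, "B2C_1A_TrustFrameworkExtensions": SAMPLE_EXT}

if __name__ == "__main__":  # python check_policy_refs.py Base.xml Extensions.xml Leaf.xml (leaf last)
    texts = [open(p, encoding="utf-8-sig").read() for p in sys.argv[1:]]
    pols = {ET.fromstring(t).get("PolicyId"): t for t in texts} or SAMPLE_POLICIES
    leaf = ET.fromstring(texts[-1]).get("PolicyId") if texts else "B2C_1A_TrustFrameworkExtensions"
    print("\n".join(report(pols, leaf)) or "no dangling references")
```

Run it with the files in upload order, leaf last (for example TrustFrameworkBase.xml then TrustFrameworkExtensions.xml); with no arguments it checks the embedded sample. Renaming issuerUserId to socialIdpUserId in the sample clears the first message and leaves only CreateRandomUPNUserName, which is exactly the sequence this question describes, so the remaining fix is to define that transformation (or drop the reference) rather than to rename anything else.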
Is it possible to create a multi-step sign-up custom policy in Azure AD B2C?
I mean I need to capture personal details and verify them against my database to check whether they are valid. Then a second page to create a username and password and store them in Azure Active Directory.
Since I already have a design implemented for these pages, I don't want to change this by using AD B2C.
Please help.
Yes, this is possible; see the Wingtip sample for Azure AD B2C custom policies, which contains a sign-up or sign-in policy that includes multiple orchestration steps.
You will have to validate the personal details via a REST API.
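As an added example of the REST API validation the answer mentions (this is not code from the Wingtip sample or from the question), here is a minimal validation endpoint written with Python's standard library. It follows the contract a RESTful technical profile in a custom policy expects: B2C posts the input claims as a JSON object; a 200 with a JSON object returns output claims into the journey; a 409 whose body carries version, status and userMessage shows that message on the sign-up page and keeps the user on the same step. The customer records, the Basic-auth credentials and the claim names are constructed for the example; in a real policy the credentials come from policy keys referenced by the technical profile's BasicAuthenticationUsername and BasicAuthenticationPassword cryptographic keys.

```python
import base64
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for "my database": customer number -> (given name, surname).
KNOWN_CUSTOMERS = {"C-1001": ("Alice", "Smith"), "C-1002": ("Bob", "Jones")}
# Constructed Basic-auth credentials (store the real ones as B2C policy keys).
API_USERNAME = "b2c-validator"
API_PASSWORD = "constructed-password-replace-me"
# Input claims the technical profile sends (SendClaimsIn=Body); all are required.
REQUIRED = ("givenName", "surname", "customerNumber")


def conflict(message):
    """Body shape B2C expects with HTTP 409: userMessage is shown to the user."""
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}


def validate_personal_details(claims):
    """Return (http_status, json_body) for the JSON object B2C posts."""
    missing = [c for c in REQUIRED if not str(claims.get(c, "")).strip()]
    if missing:
        return conflict("Please fill in: " + ", ".join(missing))
    number = str(claims["customerNumber"]).strip().upper()
    record = KNOWN_CUSTOMERS.get(number)
    if record is None:
        return conflict("We could not find a customer with that number.")
    given, surname = (str(claims[c]).strip().casefold() for c in ("givenName", "surname"))
    if (given, surname) != tuple(n.casefold() for n in record):
        return conflict("The name does not match our records for that customer number.")
    # 200 with a JSON object: each key maps to an OutputClaim (PartnerClaimType) in the policy.
    return 200, {"customerNumber": number, "detailsVerified": True}


def basic_auth_header(user, password):
    """Build the Authorization header value B2C sends for AuthenticationType=Basic."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")


def basic_auth_ok(header):
    """Constant-time check of an 'Authorization: Basic ...' header value."""
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(encoded, validate=True).decode().partition(":")
    except ValueError:  # binascii.Error and UnicodeDecodeError are both ValueErrors
        return False
    # Compare both fields regardless of outcome so timing does not reveal which one failed.
    user_ok = hmac.compare_digest(user.encode(), API_USERNAME.encode())
    pass_ok = hmac.compare_digest(password.encode(), API_PASSWORD.encode())
    return user_ok & pass_ok


class ValidationHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if not basic_auth_ok(self.headers.get("Authorization", "")):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="b2c-validation"')
            self.end_headers()
            return
        length = int(self.headers.get("Content-Length") or 0)
        try:
            claims = json.loads(self.rfile.read(length) or b"{}")
        except ValueError:
            claims = {}
        status, body = validate_personal_details(claims if isinstance(claims, dict) else {})
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # B2C only calls public HTTPS endpoints; this plain-HTTP listener is for local
    # testing behind a TLS-terminating tunnel or reverse proxy.
    HTTPServer(("127.0.0.1", 8080), ValidationHandler).serve_forever()
```

Two points worth keeping in mind when you wire this into the policy: the endpoint is reachable from the internet, so it must authenticate B2C (Basic, client certificate or bearer, chosen by the AuthenticationType metadata item) rather than trusting any caller, and the userMessage strings are rendered to the user, so keep them free of anything that reveals which records exist beyond what the sign-up flow already needs to say.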
I’m trying to create a single Sign-Up or Sign-In policy but I get the following error message:
There was an error while creating the policy ‘An object was not found while retrieving extension properties in tenant “73a55309-…”. Error returned was 404/Request_ResourceNotFound: Resource ‘7c7ab660-…’ does not exist or one of its queried reference-property objects are not present.’
Despite this error my policy has been created, but I think it's not working correctly because I'm trying to sign up on the default page and after this action I see a blank page with 'Bad Request'.
EDIT 1: I made all the steps on the basis of https://cgillum.tech/2016/05/27/app-service-auth-and-azure-ad-b2c/
EDIT 2: On the MSDN forum they suggest I delete my 'b2c-extensions-app', but I don't know what it is or where I can find it. I've checked in the Azure classic portal -> Active Directory -> My AAD B2C -> Applications my company owns: there is only my 'test' application.
SOLUTION: They are right on the MSDN forum. I created a new AAD B2C and 'b2c-extensions-app' was created automatically. After that I have no problems with creation of the policy.
As you have already indicated, if you are seeing the error
"An object was not found while retrieving extension properties in tenant "
while performing any operation in Azure AD B2C, that indicates that the b2c-extensions-app has been deleted.
It might be possible for you to restore the applications by leveraging Azure AD Graph's /deletedApplications endpoint. See this other post for more info: How to add b2c-extensions-app in Azure AD B2C
Alternatively, as per your approach, you can create a brand new Azure AD B2C tenant which will have this application and just be careful not to delete the b2c-extensions application again.