When enabling this new self service password reset, it shows wrong titles on the login page.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy#self-service-password-reset-recommended
It shows these:
Sign in with your social account
OR
Sign in with your sign in name
But I'm not using any social account, only local account, the Sign in with your social account is empty.
I also tried on this sample, removing facebook as social account, having only local account, however it keeps the empty Sign in with your social account.
https://github.com/azure-ad-b2c/samples/tree/master/policies/embedded-password-reset
Anyone managed to enable self service password reset for local account only and having the correct title Sign in with your sign in name?
This has been fixed in the newest version of the content definition. In the TrustFrameworkBase file, use the following DataUri for api.signuporsignin:
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>
There are two ways to approach this:
Using the Localization features of the Identity Experience Framework. This will allow you to modify the UxElements on your Content Definitions. More information can be found at https://learn.microsoft.com/en-us/azure/active-directory-b2c/localization.
Completely customize the User Interface - https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-custom-policy
It took me a minute to test this on one of my policies, but this is what I added to my Sign In/Sign Up page to verify the localization.
<BuildingBlocks>
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.selfasserted.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="local_intro_generic">Brad</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
</BuildingBlocks>
And then updated my Content Definition:
<ContentDefinition Id="api.selfasserted">
<LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.2</DataUri>
<Metadata>
<Item Key="DisplayName">Collect information from user page</Item>
</Metadata>
<LocalizedResourcesReferences>
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.selfasserted.en"/>
</LocalizedResourcesReferences>
</ContentDefinition>
I implemented the steps in the example - all worked as expected to this point - and then I followed the instructions to enable KMSI.
When testing Identity Experience Framework->Custom Policies->B2C_1A_signup_signin->Run, I can switch on the tickbox "Keep me signed in" when signing in. However, when I close this window (or keep it open, for that matter) and run the custom policy again, it asks me to sign in again ("Keep me signed in" shows unticked).
I have triple checked the changes in the tutorial and example and can't see any difference (other than in the example I don't have LoadURI and RecoveryURI).
I note I have not made changes as per ContentDefinitions and only followed the instructions in enable KMSI because I didn't think that was a requirement in the tutorial.
Please give me some guidance what may be wrong. Thank you for your help
You are using a wrong method to test the KMSI feature.
If you "Run the custom policy again", it will always ask you to re-enter your credentials, which is by design.
You should follow the steps of Test your policy.
You can close the window after you sign in for the first time.
And then follow the step 4, 5 and 6:
Go back to the Azure portal. Go to the policy page, and then select Copy to copy the sign-in URL.
In the browser address bar, remove the &prompt=login query string parameter, which forces the user to enter their credentials on that request.
In the browser, click Go. Now Azure AD B2C will issue an access token without prompting you to sign-in again.
UPDATE:
You don't need to replace the SignUpOrSignin.xml and TrustFrameworkExtensions.xml. Just refer to my changes:
Add the following code snippet into the BuildingBlocks element in TrustFrameworkExtensions.xml.
<ContentDefinitions>
<ContentDefinition Id="api.signuporsignin">
<LoadUri>~/tenant/default/unified.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
</ContentDefinition>
</ContentDefinitions>
And then add the following node as a child of the element. It must be located immediately after <DefaultUserJourney ReferenceId="User journey Id" />.
<UserJourneyBehaviors>
<SingleSignOn Scope="Tenant" KeepAliveInDays="30" />
<SessionExpiryType>Absolute</SessionExpiryType>
<SessionExpiryInSeconds>1200</SessionExpiryInSeconds>
</UserJourneyBehaviors>
These are all the changes that need to be made.
You don't need to remove &prompt=login in the files. Please see my screenshot above. After you copy the sign-in URL, it will be like this:
https://**.b2clogin.com/**.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_SignUpOrSignIn&client_id=**&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
Just remove the &prompt=login at the end of the URL and access it in a new window.
I followed the sample in the documentation to integrate custom email through DisplayControl on the signin and signup flow. This flow works as described.
I am also using the reset password flow. It should use the same custom email so I tried to transfer the changes from the signin/up flow to the password reset flow.
The VerificationDisplayControl is not rendered on the page!
What I changed: In TechnicalProfile LocalAccountDiscoveryUsingEmailAddress I added
<DisplayClaims>
<DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
</DisplayClaims>
reusing the already present configuration.
What did I miss? Any suggestions?
Make sure you updated the content definition page contract version for that technical profile which supports display controls.
<Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
<ContentDefinition Id="api.localaccountpasswordreset">
<LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.0.0</DataUri>
<Metadata>
<Item Key="DisplayName">Local account change password page</Item>
</Metadata>
</ContentDefinition>
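The check this answer describes can be automated across a policy set. The following is an added example, not part of the original answer or of Microsoft's samples: the function name display_control_issues is hypothetical, the 2.0.0 minimum is taken from the DataUri in the answer above, and the three policy fragments are constructed and trimmed to the elements the check reads.

```python
import re
import xml.etree.ElementTree as ET

CONTRACT = re.compile(r"urn:com:microsoft:aad:b2c:elements:contract:\w+:(\d+)\.(\d+)\.(\d+)$")

def _iter(root, name):
    # Match on local name so the policy's default XML namespace does not matter.
    return (e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name)

def display_control_issues(policy_xmls, min_version=(2, 0, 0)):
    """policy_xmls: policy file contents in inheritance order, base first."""
    data_uri, cd_ref, uses_dc = {}, {}, set()
    for text in policy_xmls:
        root = ET.fromstring(text)
        for cd in _iter(root, "ContentDefinition"):
            for uri in _iter(cd, "DataUri"):
                data_uri[cd.get("Id")] = (uri.text or "").strip()  # later file wins
        for tp in _iter(root, "TechnicalProfile"):
            for item in _iter(tp, "Item"):
                if item.get("Key") == "ContentDefinitionReferenceId":
                    cd_ref[tp.get("Id")] = (item.text or "").strip()
            if any(d.get("DisplayControlReferenceId") for d in _iter(tp, "DisplayClaim")):
                uses_dc.add(tp.get("Id"))
    issues = []
    for tp_id in sorted(uses_dc):
        uri = data_uri.get(cd_ref.get(tp_id))
        m = CONTRACT.match(uri or "")
        # Flag a missing, non-contract, or too-old page layout for this profile.
        if not m or tuple(map(int, m.groups())) < min_version:
            issues.append((tp_id, cd_ref.get(tp_id), uri))
    return issues

# Constructed sample: base file, an extension adding the display control, and the fix.
BASE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <ContentDefinition Id="api.localaccountpasswordreset">
  <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.1.0</DataUri>
 </ContentDefinition>
 <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress"><Metadata>
  <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
 </Metadata></TechnicalProfile></TrustFrameworkPolicy>"""
EXT = """<TrustFrameworkPolicy><TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
 <DisplayClaims><DisplayClaim DisplayControlReferenceId="emailVerificationControl" /></DisplayClaims>
</TechnicalProfile></TrustFrameworkPolicy>"""
FIX = """<TrustFrameworkPolicy><ContentDefinition Id="api.localaccountpasswordreset">
 <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.0.0</DataUri>
</ContentDefinition></TrustFrameworkPolicy>"""

if __name__ == "__main__":
    print(display_control_issues([BASE, EXT]))       # profile flagged
    print(display_control_issues([BASE, EXT, FIX]))  # no issues
```

Pass the files in the same order the policies inherit, so that a DataUri overridden in an extension file replaces the one from the base file before the check runs.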
{Culture:RFC5646} is returning two different values for English. Currently, when a user uses ProfileEdit or SignUpSignIn they are returning different values.
For example:
ProfileEdit returns: en-us
SignUpSignIn returns: en
I am using this in the LoadUri of ContentDefinitions so that we can have the user redirected to a customized and translated html page. However, with the two return values I am having to maintain two directories "/en" and "/en-us" instead of one.
I have verified that all the parent and child policies ContentDefinition's LoadURIs are using {Culture:RFC5646}.
We have tested multiple users from different locations.
I have researched the Azure B2C IEF localization documents, and they make a reference to how the language is determined, but they do not shed light on why the same user, with the same browser, will return different values for {Culture:RFC5646}.
Here is the Content Definition Load Uri for SignUpSignIn
<ContentDefinition Id="api.localaccountsignup">
<LoadUri>https://*****/b2c/IEF/{Culture:RFC5646}/selfasserted.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Local account sign up page</Item>
</Metadata>
</ContentDefinition>
And here is the code for Profile Edit
<ContentDefinition Id="api.selfasserted.profileupdate">
<LoadUri>https://*****/b2c/IEF/{Culture:RFC5646}/updateprofile.html</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Collect information from user page</Item>
</Metadata>
</ContentDefinition>
What I would like is that the {Culture:RFC5646} return the same value for the same user. For example, SignUpSignIn returns "en-us" and ProfileEdit returns "en-us" that way I can maintain one directory instead of two.
I discovered the problem was being caused by the different policies inheriting different Base Policies. Once I had them inheriting the same Base Policy, it worked as intended.
I am currently experiencing a problem with an Azure B2C IEF Custom Policy. In my "ProfileEdit" UserJourney, the user is presented with the sign-in screen. The problem here is that the continue button is actually labeled "Create". After the user signs in, they are presented with an Edit Profile Page. But again, the continue button is labeled as "Create".
I have done a lot of research. I could not find anything in stackoverflow and I have reviewed Microsoft Documentation and also ensured that the DataURIs are correct for the ContentDefinition.
The current Data URI is as follows:
urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.1.0
Any guidance would be greatly appreciated.
If you don't want to go with localization, you can still update button/label values inside the Metadata of the relevant technical profiles.
For your scenario
Add new Metadata Item in Base file technical profile
SelfAsserted-LocalAccountSignin-Email like below
<Metadata>
---
<Item Key="language.button_continue">Continue</Item>
</Metadata>
You can customize any element text using localization.
The first step is to enable localization for English and any other languages to be supported:
<BuildingBlocks>
...
<ContentDefinitions />
<Localization>
<SupportedLanguages DefaultLanguage="en">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
</Localization>
</BuildingBlocks>
The second step is to define the localized strings for each supported language for each page definition:
<BuildingBlocks>
...
<Localization>
<SupportedLanguages />
<LocalizedResources Id="api.selfasserted.profileupdate.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="button_continue">Update</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
</BuildingBlocks>
The last step is to declare references from the page definition to the localized resources:
<BuildingBlocks>
...
<ContentDefinitions>
<ContentDefinition Id="api.selfasserted.profileupdate">
...
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.selfasserted.profileupdate.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
</ContentDefinitions>
<Localization />
</BuildingBlocks>
Entering a password on a CombinedSignInSignUp journey step using an invalid pattern defined for that field results in the following error message being displayed above the entry section of the form:
Incorrect pattern for [Password]
Is there a way to configure this error message so it can be made more user friendly?
Yes but that message can be used for multiple fields.
See this guide: Azure Active Directory B2C: Using language customization.
Download the current content:
Edit the json and re-upload it:
{
"ElementType": "ErrorMessage",
"ElementId": null,
"StringId": "UserMessageIfIncorrectPattern",
"Value": "Incorrect pattern for: {0}"
}
Thanks to spottedmahn for the information on language customisation. As I am using custom B2C policies I can't edit the language features through the Azure Portal.
I found that this policy from the WingTipGames example shows how to achieve what I want.
I added a LocalizedResourceReference to my ContentDefinition as follows:
<ContentDefinition Id="api.combinedsignupsignin">
<LoadUri>https://www.mywebsite.net/login</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" Url="https://mywebsite.net" LocalizedResourcesReferenceId="api.combinedsignupsignin.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
I then added the following Localization section within BuildingBlocks:
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.combinedsignupsignin.en">
<LocalizedStrings>
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfIncorrectPattern">Please enter a valid password</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
This resulted with me getting the desired error message on screen:
"Please enter a valid password"