I was simply following this guide:
Get started with custom policies in Azure Active Directory B2C
Following all the previous instructiones without a problem. I got to "Test the custom policy" where I got stuck. When I open any of my custom policies it is a same story. Application select and select reply url is greyed out.
Any idea what might cause it?
Sreenshot of my problem:
Image
Please create a B2C application registration.And you can refer to this doc.
Related
I'm using Azure B2C. I have a custom claim I want include on profile edit. This is the built in user flow for Profile Edit (B2C_1_ProfileEdit).
I go to Application claims, select my claim, and click Save I get an error message
"Unexpected error, please try again later"
No details were given in the error message.
What could this be? I'm not sure where to look to debug it? Any ideas?
I was about to create a support ticket with Microsoft today. Before I did that, I tried to update it again and it worked this time. Must have been an Azure problem !
My purpose is to create bug in Azure DevOps directly from Azure Application Insight, I am doing to attach the work item (bug) feature available in Azure Application Insight but on clicking Authorize button it give me following error
Authorization token provided through OAuth does not have access to read/write work items for requested uri/project collection/project
for reference please find the below image.
Updates:
I didnt understand what you meant by private browser, and I have full admin access over Azure Portal.
basically I have the https://dev.azure.com/HealthTechnologies/ReportItNow link in which
https://dev.azure.com is the devop url
HealthTechnologies is the organization
ReportItNow is the Project
so in Azure insight workitem section, URL I am putting https://dev.azure.com/HealthTechnologies/ and in project I am putting ReportItNow, I dont know what i am doing wrong.
Still waiting for this glitch to solve.
Oky let me make it more simple, if I want to automatically create bug in Azure DevOps when ever any new exception came in to the Azure
Application Insight How I can get this into real practical.
I solve this when I took a detailed look at the error message url. It's saying that the missing authorization is for https://uri/Project Collection/Project. Based on that, I changed my url from https://dev.azure.com/organization to https://dev.azure.com/ and it worked,
I'm trying to include Terms of Service and/or Privacy Statement links to Azure AD web application consent screen according to documentation.
I can see and test the consent screen just fine when appending &prompt=consent on login URL https://login.microsoftonline.com/TENANT_ID/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fmyapp.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=CLIENT_ID&scope=openid+profile+email&response_mode=form_post&nonce=NONCE&state=redir%3D%252F&sso_reload=true&prompt=consent but for some reason ToS/PS links are not shown where they should be (please see documentation link above).
Here's how I have defined them on app manifest:
Is there something else in addition to defining the URLs that is required for the links to be shown on consent screen?
I can reproduce your issue. After changing the application to multi-tenant. It works.
This is my test result.
Then I check the document again.
The terms of service and privacy statement are especially critical for
user-facing multi-tenant apps--apps that are used by multiple
directories or are available to any Microsoft account.
Hope it helps.
I am trying to set up resource owner password credentials flow in Azure AD B2C using https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc
I followed the instructions on the page closely. When I try and log in using Postman, I get the error "AADB2C: An exception has occurred." There seems to be no way of seeing the details of the error, and the standard Azure audit logs are empty.
How do you find the details of these errors?
I have seen that you can configure application insights, but that requires a custom profile (which may be my only option)
Edit - I got it to work, turns out I had the wrong flow policy selected - so if you get this please make sure to triple check it! I would still consider this a bug or poor user experience though as there should be a way to actually debug the error yourself without having to contact Microsoft.
Read some awesome documentation about Azure AD B2C here. Then make sure you download Gaining Expertise with Azure AD B2C.
Check this section: Test and Debug a Custom Policy by Using Application Insights.
I'll paste the content here just in case:
You can use the detailed log information provided by Application
Insights to investigate any issues that might occur with a custom
policy. Use the following steps to configure IEF to send events
directly to Application Insights.
Using Visual Studio, open the SignUpOrSignIn.xml file.
Add the following attribute to the <TrustFrameworkPolicy> element.
DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
Under the <RelyingParty> element, add the following <UserJourneyBehaviours> node immediately after <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> element. Replace the bold text with your application Insight Key.
<UserJourneyBehaviors>
<JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="Your Application Insight Instrumentation Key" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
</UserJourneyBehaviors>
Note the following points:
DeveloperMode=true is good for development but constrained at high volumes because it tells Application Insights to expedite the telemetry through the processing pipeline.
ClientEnabled="true" will send client-side scripts to Application Insights, for tracking page view and client-side errors
ServerEnabled="true" will send the existing UserJourneyRecorder JSON as a custom event to Application Insights
...
Save the file.
Return to the Azure Portal and switch to your B2C tenant. Open the Azure AD B2C Blade and select Identity Experience Framework.
Select Upload policy and upload the SignUpOrSignIn.xml policy file. Select overwrite the policy if it exists.
Check the logs in Application Insights
Select the B2C_1A_signup_signin policy.
Select Run now.
Attempt to sign in as:
an invalid user (type a random email address). T
TestUser#AwesomeYourLastname.onmicrosoft.com but with the wrong password.
TestUser#AwesomeYourLastname.onmicrosoft.com using the correct password.
In the Azure portal, switch back to your Azure tenant, and open the DemoInsightsForCustomPolicies Application Insights resource.
In the Details/Overview menu, select Analytics.
Open a new tab inside the Application Insights web application.
Use any of the following example queries to view log information.
traces: See all of the logs generated by Azure AD B2C
traces | where timestamp > ago(1d): See all of the logs generated by Azure AD B2C for the last day
traces | count: See how many events have been generated
traces | render pie chart: Summarize the data as a pie chart
Note that you might have to wait for a few minutes before logs start appearing in Application Insights.
If necessary, you can download the query results and export them to CSV files if you need to perform a detailed analysis.
You can learn more about performing analytics with Application Insights here.
#######
Following these steps I was able to see the real exception message returned by B2C when executing a custom Password Reset policy. See below:
I tried this, it worked well. The following is my tried in the postman:
I am trying to do some experimentation with MSAL JS and ADAL JS libraries. I was able to get MSAL JS working fine by doing configuration at Azure Active Directory => "App Registrations (preview)". However when I switched to ADAL JS I get an error about needing version 2.0, so I think I need to use the regular "App Registrations" screen.
However, when I click on the regular "App Registrations" button I get:
Access Denied
You do not have access
Looks like you don't have access
to this content. To get access, please contact the owner.
I think it's odd that I can access the "preview" app registrations screen but not the regular one.
I saw somewhere online somebody suggested making changes at "User Settings", but that screen gives me the same error message. Going to "Users" I see 0 users, and it won't let me add any (the plus is greyed out).
The account I am using is just a personal account, it is not tied to any organization so there is no admin. I assume I should have full permission or be able to give it to myself, but can't figure out how.
Getting a Trial Azure account fixed this problem, so it appears one is needed to use the "App Registrations" section.
It is still a little unclear why an account is not needed for the preview mode, however.
Also, it would be nice if Azure would show a proper message saying an account is needed instead of a error message, but that is a minor point.