Azure B2C Signup Flow password validation is missing failure text - azure

When signing up a new user, the password field is set up to require a complex password. While entering the information, a warning pops up if the field does not match the security pattern. If the user ignores that and tries to create the account, the warning about the password disappears and the heading says "One or More Fields are filled out incorrectly. Please check your entries and try again".
The problem is that we are getting support calls from new users who can't create accounts because the warning about which specific field is causing the error is hidden. They are left to guess which field is filled out incorrectly. Why does the B2C signup flow hide the fact that the password is not strong enough after they continue?
Thanks,
J

Yeah, I'm running into this as well. It's not a very good error message for a password not meeting the complexity requirements.
However, it is possible to modify the error message via the "Language Customization" feature.
It's a part of the user flow "Languages" tab.
The docs for language customization are here:
https://learn.microsoft.com/en-gb/azure/active-directory-b2c/language-customization?pivots=b2c-user-flow
The feature is also available for custom policies.

Related

How to tune PasswordReset custom policy

I am a newbie in Azure AD B2C custom policies. Currently I am trying to understand whether it is possible to redefine the LocalAccount PasswordReset custom policy from the starter pack in the way shown in the attached picture ("Desired journey"):
Requirements are
1st screen: exclude separate SendCode button making Continue button responsible for both: sending code and moving to the next screen if the code was sent;
2nd screen: lock email, provide VerifyCode field, Continue button responsible for both: verifying the code and moving to the next screen if the code was verified;
3rd screen: standard screen with newPassword, reenterPassword and Continue button as in the starterpack
I really hope you can help
• Yes, you can surely create the password reset setup as you desire in the diagram attached in your post. For this purpose, you will have to edit the ‘Trustframeworkextensions.xml’ file with that given in the link as below: -
https://github.com/azure-ad-b2c/samples/commit/7669af06637550739e845b7ad42211a3a412658d
In the link above, the ‘SplitEmailVerificationAndSignup_TrustFrameworkExtensions.xml’ file must be uploaded and used in the Azure AD B2C Identity Experience Framework custom policies list. In this file, you will have to edit the ‘Technical Profile’ section with ID ‘LocalAccountSignUpWithReadOnlyEmail’. In that, you will have to remove the ‘OutputClaim’ for ‘objectId’, ‘displayName’, ‘givenName’, ‘surName’, ‘newUser’ and ‘authenticationSource’ from the said ‘TechnicalProfile’. Else, let all other details be the same and then upload the policy and try testing the user flow. It will give you the same result screen as expected by you.
Also, ensure that the ‘SplitEmailVerificationandSignup.xml’ file is also uploaded such that the references for other policy files are found correctly.

Internal server error on second step of split sign-up journey

If I attempt to both separate email verification and user registration (as per this sample) and use custom email verification (as per this one) in the same policy, I get a non-descript "The page cannot be displayed because an internal server error has occurred" 500 error after successful email validation but before the 2nd self-assertion screen is displayed. App Insights logging states that the policy transitioned to a Microsoft.Cpim.Common.PolicyException state, possibly after an IsSelfAssertedEmpty predicate returned true. But nothing in the logging suggests what's empty and as best I can tell nothing is. Any ideas either how to fix this issue or how to diagnose the cause?
Microsoft's sample for splitting email verification and sign-up includes a 'PartnerClaimType="Verified.Email"' attribute on the email output claim on the verification technical profile. Somehow, the out of the box email verification control provides this partner claim, whereas the custom control defined in their custom email example does not. I can't say I understand how this works since display controls can't have output claims, but removing the partner claim reference solves the 500 error.

How to get a proper error message in Azure B2C built-in signup flow

I'm using the built-in azure b2c sign up user flow in my application. The signup form doesn't give the proper validation messages. It always gives one generic message and it's always located at the top. Is there any way to customize this message and put it below the input field, that failed the validation?
The following image shows one scenario where the password is weak, but still the error message has no indication about the password.
Please take a look at this: https://learn.microsoft.com/en-us/azure/active-directory-b2c/localization#predicate, which covers using predicates to define the error message displayed to a user.
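The predicate approach the answer links to applies to custom policies (built-in user flows only expose the Language Customization overrides mentioned in the first thread above), and it addresses the same complaint raised there: the page tells the user which rule failed instead of a generic "one or more fields" heading. The following TrustFrameworkExtensions.xml fragments are an added example, not code from either answer or from Microsoft's starter pack; the predicate IDs, the limits, the help texts and the CustomPassword validation ID are illustrative assumptions, while the element names are the ones the B2C predicate schema defines.

```xml
<!-- Added example: fragments for the <BuildingBlocks> section of TrustFrameworkExtensions.xml.
     Predicate IDs, limits and help texts below are illustrative assumptions. -->
<BuildingBlocks>
  <ClaimsSchema>
    <!-- The claim the starter pack's sign-up technical profile collects as the new password.
         PredicateValidationReference ties it to the rule set defined further down. -->
    <ClaimType Id="newPassword">
      <DisplayName>New Password</DisplayName>
      <DataType>string</DataType>
      <UserHelpText>Enter a password</UserHelpText>
      <UserInputType>Password</UserInputType>
      <PredicateValidationReference Id="CustomPassword" />
    </ClaimType>
  </ClaimsSchema>

  <Predicates>
    <!-- Each predicate carries the text shown to the user when that particular rule fails. -->
    <Predicate Id="LengthRange" Method="IsLengthRange">
      <UserHelpText>The password must be between 8 and 64 characters.</UserHelpText>
      <Parameters>
        <Parameter Id="Minimum">8</Parameter>
        <Parameter Id="Maximum">64</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Lowercase" Method="IncludesCharacters">
      <UserHelpText>a lowercase letter</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">a-z</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Uppercase" Method="IncludesCharacters">
      <UserHelpText>an uppercase letter</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">A-Z</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Number" Method="IncludesCharacters">
      <UserHelpText>a digit</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">0-9</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Symbol" Method="IncludesCharacters">
      <UserHelpText>a symbol</UserHelpText>
      <Parameters>
        <!-- '&' must be written as &amp; inside the XML document. -->
        <Parameter Id="CharacterSet">@#%^&amp;*\-_+=[]{}|\\:',.?/`~"();!</Parameter>
      </Parameters>
    </Predicate>
  </Predicates>

  <PredicateValidations>
    <!-- Length is mandatory; at least 3 of the 4 character classes must be present.
         The group-level UserHelpText is shown above the list of class rules. -->
    <PredicateValidation Id="CustomPassword">
      <PredicateGroups>
        <PredicateGroup Id="LengthGroup">
          <PredicateReferences MatchAtLeast="1">
            <PredicateReference Id="LengthRange" />
          </PredicateReferences>
        </PredicateGroup>
        <PredicateGroup Id="CharacterClasses">
          <UserHelpText>The password must contain at least 3 of the following:</UserHelpText>
          <PredicateReferences MatchAtLeast="3">
            <PredicateReference Id="Lowercase" />
            <PredicateReference Id="Uppercase" />
            <PredicateReference Id="Number" />
            <PredicateReference Id="Symbol" />
          </PredicateReferences>
        </PredicateGroup>
      </PredicateGroups>
    </PredicateValidation>
  </PredicateValidations>
</BuildingBlocks>
```

Keep the predicate rules at least as strict as the complexity the directory itself enforces for local accounts; predicates only shape what the self-asserted page accepts and explains, so a password that passes a weaker predicate set can still be rejected later with the generic message this thread complains about. The claim type ID (newPassword here) has to match the one your sign-up technical profile actually outputs.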

Customize Reset password screen

I have an application registered in Azure AD B2C. When a new user logs in for the very first time he is redirected to the attached screen for updating the password. The issue here is that the user does not know what combination of password he needs to input until and unless a specific combination works.
I need to customize this screen to display a user-friendly label telling the user what combination of password he/she needs to enter on this screen.
With AAD B2C you can customize the user interface, which includes the sign-up/sign-in, profile editing and password resetting experiences. This documentation outlines how to do the UX customization, test out the templates in the portal, and has a few tutorials on setting it up.
Here are the specifics on password rule enforcement.

Sign in custom policies and azure function

I need some help with this sample:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-rest-api-step-custom
I need to do the same but with a sign-in policy: I need to validate the email against a SQL database and change a status column in the database, and/or block access if the email doesn't exist.
Do you have some example for that?
Thanks
P.D.: Excuse my English
The example you are pointing to is more useful for just retrieving additional claims for a user but not for validating the input. Since you are validating the email address, this example is more relevant:
Walkthrough: Integrate REST API claims exchanges in your Azure AD B2C user journey as validation on user input
This is what I would suggest:
Host your database behind a Rest API so it can be called to validate the email address
Create a technical profile using Web.TPEngine.Providers.RestfulProvider that calls into your Rest API (see the example I linked above)
Add a ValidationTechnicalProfile to the SelfAssertedAttributeProvider technical profile that collects the email so it will validate it and show an error if validation fails
By adding validation such as this, the user will be blocked with an error message and will have the opportunity to fix the input (e.g. typos) and try again. You can also get additional claims about that email address from the Rest API by adding them in the OutputClaims of both the technical profiles.
You will need to determine whether this is the right place to change the flag in the DB or if that ought to be a separate operation. The reason is that if the user goes to the next step in the user journey and then abandons it and comes back later, what would their experience be?
If you want it as a separate step later in the user journey, then you would create it using the example you provided (i.e. as a separate step after all the required steps have executed in the user journey).
The steps will be very similar except you will need to modify a different UserJourney and RelyingParty.
Update <UserJourney Id="SignUpOrSignIn"> as described in step 4.
Update SignUpOrSignin.xml as described in step 5.
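As an added example of the three steps the answer suggests (REST technical profile via Web.TPEngine.Providers.RestfulProvider, attached as a validation technical profile to the self-asserted sign-in profile), the following TrustFrameworkExtensions.xml fragments are illustrative and are not the answerer's code or Microsoft's sample. The service URL, the accountStatus claim, the REST-ValidateEmail profile ID, the policy key names and the JSON field names are assumptions; SelfAsserted-LocalAccountSignin-Email, login-NonInteractive and SM-Noop are the starter pack's own IDs.

```xml
<!-- Added example: fragments for TrustFrameworkExtensions.xml. The URL, claim, key and
     technical-profile names that are not from the starter pack are assumptions. -->

<!-- 1) Under <BuildingBlocks><ClaimsSchema>: a claim to carry the status the API returns. -->
<ClaimType Id="accountStatus">
  <DisplayName>Account status</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- 2) Under <ClaimsProviders>: the REST technical profile that fronts the SQL database.
        B2C never talks to the database directly; the API does, and decides what to answer. -->
<ClaimsProvider>
  <DisplayName>Account database REST API (assumed)</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="REST-ValidateEmail">
      <DisplayName>Validate e-mail against the account database</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <!-- Assumed endpoint; it must be reachable over HTTPS. -->
        <Item Key="ServiceUrl">https://api.example.com/identity/validate-email</Item>
        <Item Key="SendClaimsIn">Body</Item>
        <!-- B2C authenticates itself to the API; the credentials live in policy keys, not in XML. -->
        <Item Key="AuthenticationType">Basic</Item>
        <Item Key="AllowInsecureAuthInProduction">false</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_RestApiUsername" />
        <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_RestApiPassword" />
      </CryptographicKeys>
      <InputClaims>
        <!-- Sent to the API as a JSON body: {"email": "..."} -->
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </InputClaims>
      <OutputClaims>
        <!-- Read from a 200 response body such as {"status": "active"}.
             To block the sign-in instead, the API answers HTTP 409 with
             {"version": "1.0.0", "status": 409, "userMessage": "..."} and B2C shows
             userMessage on the page, which is the "error if validation fails" in the answer. -->
        <OutputClaim ClaimTypeReferenceId="accountStatus" PartnerClaimType="status" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 3) Also under <ClaimsProviders>: extend the starter pack's sign-in page so the API call
        is a validation step. It is listed after login-NonInteractive so the database is only
        consulted (and the status column only changed) once the password has been verified. -->
<ClaimsProvider>
  <DisplayName>Local Account SignIn</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
      <ValidationTechnicalProfiles>
        <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
        <ValidationTechnicalProfile ReferenceId="REST-ValidateEmail" />
      </ValidationTechnicalProfiles>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Two points a reviewer would check before shipping this. Ordering: validation technical profiles run in the sequence listed, so putting the REST call after login-NonInteractive means an unauthenticated request can never trigger the status change; the fragment restates login-NonInteractive to make that order explicit, so confirm against your starter pack that it is not now listed twice. Error text: keep userMessage generic rather than stating whether an address exists, since a message that differs for known and unknown addresses turns the sign-in page into an account-enumeration oracle; the API should likewise refuse unauthenticated callers, which is what the Basic-auth policy keys above are for.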
