I have some questions on customization of the UI for B2C portals. I've looked at both of the following links:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-customize-ui-custom
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-ui-customization-custom
But it doesn't seem like my question is answered from those documentation links.
Question 1: What I'm wondering is if it's possible to customize the "Sign in with your social account" string? I looked through the policy XML files and did not see that string being generated anywhere, and it did not look like I could customize it through one tags of the block in the TrustFrameworkExtensions.xml file. So is this string editable? I attempted to add a Metadata Item tag who's key was "language.intro" hoping that would override the string on the "api.signuporsignin" ContentDefinition block...but it did not override.
Question 2: Somewhat related to the above...is it possible to customize the display strings of the built-in fields for the Sign Up / Profile Edit pages? For example, we would like "Surname" to be "Last Name" and "Given Name" to be "First Name". Is it possible to customize those display name strings, without creating all new/custom fields to get the display name we want?
Thanks for the help, I appreciate it!
I have customized that text using Localization.
<ContentDefinition Id="api.signuporsignin">
<LoadUri>~/tenant/default/unified.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
<LocalizedResourcesReferences>
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.signuporsignin.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
....... then add Localization element to right before close tag of the BuildingBlocks.
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.signuporsignin.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="social_intro">Sign in with your company account</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
The "Sign in with your social account" HTML is just sample HTML from B2C. To replace this, you can save your custom HTML page in Azure Blob Storage and then follow these steps:
Sign in to your tenant on the Azure portal and navigate to the B2C features blade.
Click Sign-up or sign-in policies, click your policy and click on Edit (for example, "b2c_1_sign_up_sign_in").
Click Page UI customization and then Unified sign-up or sign-in page.
Toggle the Use custom page switch to Yes. In the Custom page URI field, enter https://wingtiptoysb2c.blob.core.windows.net/b2c/wingtip/unified.html. Click OK.
Click Local account sign-up page. Toggle the Use custom template switch to Yes. In the Custom page URI field, enter https://wingtiptoysb2c.blob.core.windows.net/b2c/wingtip/selfasserted.html.
Repeat the same step for the Social account sign-up page. Click OK twice to close the UI customization blades.
Click Save.
For reference, see the full instructions here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-ui-customization-helper-tool
You can do the same thing to customize your Sign Up/Profile Edit pages.
Sounds like this functionality is not supported out of the box, and JavaScript isn't (yet) supported either, our designer found a workaround that seems to work well. Hiding the "intro" div and then adding a div in place and using the CSS "content" attribute to add in our own custom text.
Here's the CSS:
/*this hides the default intro text and replaces with our own text*/
.intro {display: none;}
.social:before {
content: "our custom text";
font-size: 1.2em;
line-height: 2em;
}
Related
When enabling this new self service password reset, it shows wrong titles on the login page.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy#self-service-password-reset-recommended
It shows these:
Sign in with your social account
OR
Sign in with your sign in name
But I'm not using any social account, only local account, the Sign in with your social account is empty.
I also tried on this sample, removing facebook as social account, having only local account, however it keeps the empty Sign in with your social account.
https://github.com/azure-ad-b2c/samples/tree/master/policies/embedded-password-reset
Anyone managed to enable self service password reset for local account only and having the correct title Sign in with your sign in name?
This has been fixed in newest version of content definition. In TrustFrameworkBase file use for api.signuporsignin the following DataUri:
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>
There are two ways to approach this:
Using the Localization features of the Identity Experience Framework. This will allow you to modify the UxElements on your Content Definitions. More information can be found at https://learn.microsoft.com/en-us/azure/active-directory-b2c/localization.
Completely customize the User Interface - https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-custom-policy
It took me a minute to test this on one of my policies, but this is what I added to my Sign In/Sign Up page to verify the localization.
<BuildingBlocks>
<Localization Enabled="true">
<SupportedLanguages DefaultLanguage="en" MergeBehavior="ReplaceAll">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
<LocalizedResources Id="api.selfasserted.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="local_intro_generic">Brad</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
</BuildingBlocks>
And then updated my Content Definition:
<ContentDefinition Id="api.selfasserted">
<LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.2</DataUri>
<Metadata>
<Item Key="DisplayName">Collect information from user page</Item>
</Metadata>
<LocalizedResourcesReferences>
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.selfasserted.en"/>
</LocalizedResourcesReferences>
</ContentDefinition>
I implemented the steps in the example - all worked as expect to this point - and then I followed the instructions to enable KMSI.
When testing Identity Experience Framework->Custom Policies->B2C_1A_signup_signin ->Run , I can switch on the tickbox "Keep me signed in" when signing in. However, I close this window (or keep it open for that matter), Run the custom policy again and asks me to sign in again ("Keep me signed in" shows unticked).
I have triple checked the changes in the tutorial and example and can't see any difference (other than in the example I don't have LoadURI and RecoveryURI.
I note I have not made changes as per ContentDefinitions and only followed the instructions in enable KMSI because I didn't think that was a requirement in the tutorial.
Please give me some guidance what may be wrong. Thank you for your help
You are using a wrong method to test the KMSI feature.
If you "Run the custom policy again", it will always ask you to reenter your credential, which is by-design.
You should follow the steps of Test your policy.
You can close the window after you sign in for the first time.
And then follow the step 4, 5 and 6:
Go back to the Azure portal. Go to the policy page, and then select Copy to copy the sign-in URL.
In the browser address bar, remove the &prompt=login query string parameter, which forces the user to enter their credentials on that
request.
In the browser, click Go. Now Azure AD B2C will issue an access token without prompting you to sign-in again.
UPDATE:
You don't need to replace the SignUpOrSignin.xml and TrustFrameworkExtensions.xml. Just refer to my changes:
Add the following code snippet into the BuildingBlocks element in TrustFrameworkExtensions.xml.
<ContentDefinitions>
<ContentDefinition Id="api.signuporsignin">
<LoadUri>~/tenant/default/unified.cshtml</LoadUri>
<RecoveryUri>~/common/default_page_error.html</RecoveryUri>
<DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>
<Metadata>
<Item Key="DisplayName">Signin and Signup</Item>
</Metadata>
</ContentDefinition>
</ContentDefinitions>
And then add the following node as a child of the element. It must be located immediately after <DefaultUserJourney ReferenceId="User journey Id" />.
<UserJourneyBehaviors>
<SingleSignOn Scope="Tenant" KeepAliveInDays="30" />
<SessionExpiryType>Absolute</SessionExpiryType>
<SessionExpiryInSeconds>1200</SessionExpiryInSeconds>
</UserJourneyBehaviors>
These are all the changes need to be made.
You don't need to remove &prompt=login in the files. Please see my screenshot above. After you copy the sign-in URL, it will be like this:
https://**.b2clogin.com/**.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_SignUpOrSignIn&client_id=**&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login
Just remove the &prompt=login at the end of the URL and access it in a new window.
I am currently experiencing a problem with Azure B2C IEF Custom Policy. In my "ProfileEdit" UserJourney The user is presented with the sign-in screen. The problem here is that the continue button is actually labeled "Create" After the user signs in, they are presented with a Edit Profile Page. But again, the continue button is labeled as create.
I have done a lot of research. I could not find anything in stackoverflow and I have reviewed Microsoft Documentation and also ensured that the DataURIs are correct for the ContentDefinition.
The current Data URI is as follows:
urn:com:microsoft:aad:b2c:elements:contract:selfasserted:1.1.0
Any guidance would be greatly appreciated.
if you don't want to go with localization. You can still update button/ label values inside Metadata of relevant technical profiles.
For your scenario
Add new Metadata Item in Base file technical profile
SelfAsserted-LocalAccountSignin-Email like below
<Metadata>
---
<Item Key="language.button_continue">Continue</Item>
</Metadata>
You can customize any element text using localization.
The first step is to enable localization for English and any other languages to be supported:
<BuildingBlocks>
...
<ContentDefinitions />
<Localization>
<SupportedLanguages DefaultLanguage="en">
<SupportedLanguage>en</SupportedLanguage>
</SupportedLanguages>
</Localization>
</BuildingBlocks>
The second step is to define the localized strings for each supported language for each page definition:
<BuildingBlocks>
...
<Localization>
<SupportedLanguages />
<LocalizedResources Id="api.selfasserted.profileupdate.en">
<LocalizedStrings>
<LocalizedString ElementType="UxElement" StringId="button_continue">Update</LocalizedString>
</LocalizedStrings>
</LocalizedResources>
</Localization>
</BuildingBlocks>
The last step is to declare references from the page definition to the localized resources:
<BuildingBlocks>
...
<ContentDefinitions>
<ContentDefinition Id="api.selfasserted.profileupdate">
...
<LocalizedResourcesReferences MergeBehavior="Prepend">
<LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.selfasserted.profileupdate.en" />
</LocalizedResourcesReferences>
</ContentDefinition>
</ContentDefinitions>
<Localization />
</BuildingBlocks>
Is it possible to customize error messages for invalid credentials using azure b2c custom policy?
Ideally, we would like to show a different error message for invalid credentials, which is “Sorry, unrecognized username or password. Have you forgotten your password?”. Here the entire message is the hyperlink which should redirect to reset password screen.
P.S: We have changed the error messages using custom policy but facing difficulty in having the hyperlink and redirection to reset the password.
Any insight will be helpful.
Thanks in advance
You can customize the error messages by modifying the UserMessageIf* settings for the login-NonInteractive technical profile as follows:
<Metadata>
<Item Key="UserMessageIfClaimsPrincipalDoesNotExist">Email or password is incorrect.</Item>
<Item Key="UserMessageIfInvalidPassword">Email or password is incorrect.</Item>
<Item Key="UserMessageIfOldPasswordUsed">Email or password is incorrect.</Item>
...
</Metadata>
The UserMessageIfInvalidPassword can only hold text, if I am not wrong, so you'll have to resort to workarounds unfortunately. Do you have the reset password mechanism also as a policy/technical profile?
The policies in general link to other policies/technical profiles through links that contain a reference to the ClaimsExchanges. For example, a user SignIn page that has SignUp links at the bottom, will contain a reference to the ClaimsExchange that will be called when the user decides to SignUp instead of SignIn.
In your case, if the password reset mechanism is a separate Policy, it could be possible to convert the policy link to an HTML link, and use the same as the error message for "UserMessageIfInvalidPassword". The policy would show the text, which would be rendered as as an HTML link.
It should also be possible to perform some of this workaround through the JS in the page.
I'm using custom policies on my Azure AD B2C app. And I am using a custom UI passing a reference to a UI hosted on my server like this on my sign-up/sign-in policy:
<BuildingBlocks>
<ContentDefinitions>
<ContentDefinition Id="api.signuporsignin">
<LoadUri>https://MyURL/index.html</LoadUri>
</ContentDefinition>
</ContentDefinitions>
</BuildingBlocks>
This is working. But now I want to add a HTML link element to my custom UI with the URL of my Privacy Policy and that element is not showing up when I execute my policy. Everything is showing up except that link.
Could it be some cache on Azure that is using the old custom UI? Or is something I'm missing?
Try:
<div id="api">
<!-- Leave this element empty because Azure AD B2C will insert content here. -->
</div>
<!-- URL goes here, outside of the API div above -->
Privacy policy