M Herbener

Reputation: 634

Custom policy validation error

Using the AADB2C Identity Experience Framework custom policies, I'm trying to create a UserJourney that allows multiple social providers, as well as the local provider, but only allows Sign-In, not Sign-Up. When I upload the TrustFrameworkExtensions file containing the UserJourney, the upload fails with the error:

Unable to upload policy. Reason : Validation failed: 2 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "mytenant.onmicrosoft.com".ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "mytenant.onmicrosoft.com", but it was not found.ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "MBHB2C.onmicrosoft.com", but it was not found.

The first part of the UserJourney, which I think contains all the relevant content, is:

<UserJourney Id="SignInAny">
    <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
            <ClaimsProviderSelections>
                <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
                <ClaimsProviderSelection TargetClaimsExchangeId="KDEWebAppTestExchange" />
                <ClaimsProviderSelection TargetClaimsExchangeId="MSAExchange" />
                <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
            </ClaimsProviderSelections>

            <ClaimsExchanges>
                <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
            </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Check if the user has selected to sign in using one of the social providers -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
            <Preconditions>
                <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
                    <Value>objectId</Value>
                    <Action>SkipThisOrchestrationStep</Action>
                </Precondition>
            </Preconditions>
            <ClaimsExchanges>
                <ClaimsExchange Id="KDEWebAppTestExchange" TechnicalProfileReferenceId="KDEWebAppTestProfile" />
                <ClaimsExchange Id="MSAExchange" TechnicalProfileReferenceId="MSA-OIDC" />
                <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
            </ClaimsExchanges>
        </OrchestrationStep>
        ...
    </OrchestrationSteps>
</UserJourney>

I don't understand what "it was not found" actually means.

Suggestions?

Thanks!

Martin

Upvotes: 4

Views: 1525

Answers (1)

Omer Iqbal

Reputation: 2293

Basically, in OrchestrationStep with Order 1, you have the following line:

<ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" /> 

The TargetClaimsExchangeId is a reference to the ClaimsExchange element in the next OrchestrationStep. However, you do not have a line similar to this in the next step with Id set to SignInWithLogonNameExchange.

<ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" /> 

So IEF does not know what to do (e.g. which technical profile to use) when the user clicks the button corresponding to that ClaimsProviderSelection.

Upvotes: 3
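
The rule stated in this answer can be checked before upload. The following is an added example, not code from the question or the answer: a small Python check (function names are hypothetical) that reports every TargetClaimsExchangeId with no matching ClaimsExchange Id in the next OrchestrationStep, run over a trimmed copy of the journey from the question.

```python
import xml.etree.ElementTree as ET

# Sample input: the journey from the question, trimmed, with closing tags balanced.
SAMPLE = """
<UserJourney Id="SignInAny">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsProviderSelection">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
      </ClaimsExchanges>
    </OrchestrationStep>
  </OrchestrationSteps>
</UserJourney>
"""

def local(tag):
    """Drop any '{namespace}' prefix so the check also works on namespaced policy files."""
    return tag.rsplit("}", 1)[-1]

def find_all(node, name):
    return [e for e in node.iter() if local(e.tag) == name]

def unresolved_targets(xml_text):
    """Return (journey id, step order, target id) for each dangling TargetClaimsExchangeId."""
    problems = []
    for journey in find_all(ET.fromstring(xml_text), "UserJourney"):
        steps = sorted(find_all(journey, "OrchestrationStep"), key=lambda s: int(s.get("Order")))
        for i, step in enumerate(steps):
            following = steps[i + 1] if i + 1 < len(steps) else None
            # Only ClaimsExchange elements in the *next* step count, per the answer.
            defined = {c.get("Id") for c in find_all(following, "ClaimsExchange")} if following is not None else set()
            for sel in find_all(step, "ClaimsProviderSelection"):
                target = sel.get("TargetClaimsExchangeId")
                if target and target not in defined:
                    problems.append((journey.get("Id"), step.get("Order"), target))
    return problems

if __name__ == "__main__":
    for journey_id, order, target in unresolved_targets(SAMPLE):
        print(f"{journey_id}: step {order} targets '{target}', not defined in the next step")
```
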
