Azure AD B2C Custom Policy - Throwing UserMessageIfServerError: An exception has occurred.
Hi Team, We have started implementing Azure AD B2C custom policy for SignUp/SignIn. On execution of custom policy, Signup/Signin screen is shown . On Signup screen, we do the verification then we enter the details like password and name and continue to MFA. This MFS screen throws error "Sorry, but we're having trouble signing you in" and exception it shows is "UserMessageIfServerError: An exception has occurred." I am attaching the screenshot of error as well Let me know if anybody has faced this issue and know the cause and possible solution for the same
FormatStringClaim not validating in B2C Custom Policy
I'm having issues uploading a change to my existing Azure B2C policy that includes a new FormatStringClaim claim transformation. I haven't been able to figure out the issue as my claim transformation looks nearly identical to the example given by Microsoft. I'm getting the following error The following InputClaims were declared in the Policy but were not expected by the TransformMethod: [String]inputClaim With the following B2C <ClaimsTransformations> <ClaimsTransformation Id="CreateUserPrincipalName" TransformationMethod="FormatStringClaim"> <InputClaims> <InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim" /> </InputClaims> <InputParameters> <InputParameter Id="stringFormat" DataType="string" Value="{0}@contoso.com" /> </InputParameters> <OutputClaims> <OutputClaim ClaimTypeReferenceId="uniqueIdentifier" TransformationClaimType="outputClaim" /> </OutputClaims> </ClaimsTransformation> </ClaimsTransformations> The objectId is a string that's declared and populated in a higher level custom policy. It's also used in this policy so I'm not sure why Azure would have an issue with me using it here. I'm just trying to add a custom domain name to the objectId were already using and pass it into the SAML token.User query $filter ignores identities/issuer - MS Graph API and Azure B2C
Hello everyone: We’re using the MS Graph API /users endpoint to query user accounts in our Azure B2C tenant. The $filter parameter doesn’t seem to filter Users correctly when filtering on the issuer property in the identities collection (used in identities/any(x:x/issuer)- the supplied issuer string value is ignored. Here’s an example of a query where the endpoint returned results matching the email address in issuerAssignedId even though the filter’s identities/issuer filter value contained only a whitespace character: Request GET https://graph.microsoft.com/v1.0/users?$select=id,displayName,identities&$top=999&$filter=identities/any(x:x/issuerAssignedId eq 'myusername@mycompany.onmicrosoft.com' and x/issuer eq ' ') Response { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(id,displayName,identities)", "value": [ { "id": "e2349f30-7778-4e60-86f6-254096886f84", "displayName": "trusted-user", "identities": [ { "signInType": "emailAddress", "issuer": "myb2cissuer.onmicrosoft.com", "issuerAssignedId": "myusername@mycompany.onmicrosoft.com" }, { "signInType": "userPrincipalName", "issuer": "myb2cissuer.onmicrosoft.com", "issuerAssignedId": "e2349f30-7778-4e60-86f6-254096886f84@myb2cissuer.onmicrosoft.com" } ] } ] } I understand that this form of query filter expression on the User’s identities collection requires that both issuer and issuerAssignedId are specified. @FaithOmbongi (MS Graph Docs on Github) mentioned that this is caused by a known bug but didn’t include any reference to the bug, or tracking details, nor any indication of when it will be resolved: “This is a known bug currently in Engineering's queue for resolution. Closing this issue for now.“ - @FaithOmbongi - from: $filter is not working properly for user identities · Issue #11094 · microsoftgraph/microsoft-graph-docs ( http://github.com/) Could we please receive some info/feedback on this issue? This is a blocking issue for us. Is it still a confirmed bug or are we calling the MS Graph API incorrectly? BTW Apologies if I've asked this question in the wrong forum. Also, this same issue has been raised elsewhere but it still remains unanswered: https://techcommunity.microsoft.com/t5/microsoft-graph/microsoft-graph-filtering-on-identities/m-p/1744549 https://github.com/microsoftgraph/microsoft-graph-docs/issues/11094 https://stackoverflow.com/questions/65209716/is-issuer-both-required-and-ignored-when-querying-users-by-identity/65396990#65396990 UPDATE: BTW If anyone is interested in following a related discussion on the MS Q&A forum, please see: https://docs.microsoft.com/en-us/answers/questions/826199/user-query-filter-ignores-identitiesissuer-ms-grap.html
