Unable to sign on using custom policy

Question

Unable to sign on using custom policy

Grossmann, Tobias 11

Hi,

we use AzureB2C for self service of users and would like to add custom policies.
unfortunately we get the error "The username or password provided in the request are invalid."

After using google, most people write its related to the 2 apps that are needed for custom policies. IdentityExperienceFramework & ProxyIdentityExperienceFramework.
Or using a wrong ID in TrustFrameworkExtensions.xml

I've checked it now 10 times and cant see the error :-( Hopefully someone can have a 2nd look and see what I do wrong?
Also - maybe - I do the SignUp Test with one of the working Applications under "Applications (Legacy)". As I cannot choose any App registrations "Apps".

Attached the Manifest & Logs.

Thanks and regards
Tobi

26137-signuporsignin.xml

26211-trustframeworkextensions.xml

26182-logs.txt

26183-proxyidentityexperienceframework.txt

26184-identityexperienceframework.txt

3 answers

Your answer

Answer 1

Marvin Heng 6

I had the similar issue. In order to make it work, I had have to deleted IdentityExperienceFramework and ProxyIdentityExperienceFramework applications created under b2c "blade" and re-created them under AAD although they look similar, but somehow it is different.

This also means that before doing this step https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#register-the-identityexperienceframework-application and this one https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#register-the-proxyidentityexperienceframework-application navigate to AAD and then to App registrations to create these two items.

Kobus Olivier (Personal) 0 Reputation points

2023-12-01T15:33:41.1466667+00:00

Thank you Marvin, I also recreated the Apps under the AAD and all worked as expected.

Answer 2

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Moderator

Please recreate both your IEF applications following the steps detailed in Register Identity Experience Framework applications. Regarding the B2C app follow Tutorial: Register a web application in Azure Active Directory B2C.

--
Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

Grossmann, Tobias 11 Reputation points

2020-09-23T14:34:32.24+00:00

Hi Alfredo,

thanks for your reply. I did, but with the same result. The error is the same:
"
Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
"

Regards,
Tobi

27283-identityexperienceframework.txt 27311-proxyidentityexperienceframework.txt 27321-webapp1.txt 27331-trustframeworkextensions.xml
Grossmann, Tobias 11 Reputation points

2020-09-23T14:45:23.163+00:00

Referer: https://patientstrength.b2clogin.com/patientstrength.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1A_signup_signin&client_id=9f8b2b9d-84a8-4ac9-99d8-683bd49c4d4c&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms&scope=openid&response_type=id_token&prompt=login

Request URL: https://patientstrength.b2clogin.com/patientstrength.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiI4OWE4OGYwNC1hNDE3LTQwODgtODhlYS04MWRhZWVhZWRhYWMifQ&p=B2C_1A_signup_signin
Jay-Smit-Dev 1 Reputation point

2021-10-11T12:48:28.833+00:00

Hello,
I am currently working on creating a basic Azure B2C environment with the use of Microsoft Documentation https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview

It contains the following steps.
Create an Azure AD B2C tenant
Register a web application using the Azure portal so you'll be able to test your policy.
Add the necessary policy keys and register the Identity Experience Framework applications.
Get the Azure AD B2C policy starter pack and upload to your tenant.
After you upload the starter pack, test your sign-up or sign-in policy.

I have done all the steps copy-book style, but still when I signup a user with a valid email and other parameters, it is successful. But, when I use the same credentials to login, It says "The USERNAME AND PASSWORD ARE INVALID". The application registered is also the default Microsoft jwt.ms.

Can anyone help me out on this, need to resolve it on an urgent basis. Thanks in advance.

Answer 3

Grossmann, Tobias 11

In addition, as i can create users, i found this errors via the Azure AD User Log:

The application was not found in the directory. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
- Failure reason Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-09-22T18:54:57.07+00:00

@Grossmann, Tobias please take a look to my previous answer.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-09-23T18:24:28.09+00:00

Construct the URL for granting tenant-wide admin consent and visit it so consent can be given by an admin. That will fix the latest error:

https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id={client-id}
Grossmann, Tobias 11 Reputation points

2020-09-24T06:31:34.55+00:00

Ok, I tried, with the {tenant-id} & {tenant-name}, I got forwarded to the login page, and then to the jwt.ms page, with only a result in the URL

call to:

https://login.microsoftonline.com/f1eb83e1-8a50-42d0-a0fb-76e1794c12fe/adminconsent?client_id=9f8b2b9d-84a8-4ac9-99d8-683bd49c4d4c

Result in URL

https://jwt.ms/?error=server_error&error_description=AADSTS50000%3a+There+was+an+error+issuing+a+token+or+an+issue+with+our+sign-in+service.%0d%0aTrace+ID%3a+d9db5c8c-7bc6-4a05-a120-19a32c691000%0d%0aCorrelation+ID%3a+30c4f623-895b-4fee-b49a-8ccdd2750fb8%0d%0aTimestamp%3a+2020-09-24+06%3a29%3a57Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d50000&admin_consent=True
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-09-24T17:04:55.263+00:00

@Grossmann, Tobias I'm reaching within the product team and will come back to you.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-10-06T00:16:49.1+00:00

Please create a support request to better address this issue.

Share via

Unable to sign on using custom policy

3 answers

Your answer