Error while uploading Custom Policy

Alok Aswal 1 Reputation point
2022-11-21T11:09:07.85+00:00

Hi

Getting the below exception while uploading a custom policy, with the policy XML section:

Validation failed: 1 validation error(s) found in policy "POLICYNAME" of tenant "tenant.onmicrosoft.com".Schema validation error found at line 161 col 52 in policy "POLICYNAME" of tenant "tenant.onmicrosoft.com": The 'ReferenecId' attribute is not declared.Schema validation error found at line 161 col 52 in policy "POLICYNAME" of tenant "tenant.onmicrosoft.com": The 'ReferenecId' attribute is not declared.

<ClaimsProvider>
  <DisplayName>My ID Token Hint ClaimsProvider</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="IdTokenHint_ExtractClaims">
      <DisplayName>My ID Token Hint TechnicalProfile</DisplayName>
      <Protocol Name="None" />
      <Metadata>
        <!-- Sample action required: replace with your endpoint location -->
        <Item Key="METADATA">https://tenant.b2clogin.com/tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=POLICYNAME</Item>

        <!-- <Item Key="IdTokenAudience">your_optional_audience_override</Item> -->
        <!-- <Item Key="issuer">your_optional_token_issuer_override</Item> -->
        <Item Key="IdTokenAudience">1bdf2d2f-6b05-4633-89ab-4444478ss34vvsf</Item>
        <Item Key="issuer">https://localhost</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_IdTokenHintKey" />
      </CryptographicKeys>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </InputClaims>
      <OutputClaims>
        <!-- Sample: Read the email claim from the id_token_hint -->
        <!-- The upload error is reported on this line -->
        <OutputClaim ClaimTypeReferenceId="email" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
Microsoft Entra External ID

1 answer

  1. Akshay-MSFT 16,026 Reputation points Microsoft Employee
    2022-11-23T08:27:56.243+00:00

    Hello @Alok Aswal ,

    Thank you for posting your query on Microsoft Q&A. The issue seems to be with your "Metadata" URL.

    <Item Key="METADATA">https://tenant.b2clogin.com/tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=POLICYNAME</Item>

    As per https://learn.microsoft.com/en-us/azure/active-directory-b2c/id-token-hint#metadata, METADATA is "A URL that points to a token issuer configuration document, which is also known as an OpenID well-known configuration endpoint" i.e. your relying party discovery endpoint. Kindly have this replaced with it.

    For example, in my case FB is the relying party, so the metadata URL can be found from the Signup-Signin:

    [Screenshot: 263355-image.png]

    Please do let me know if you have any further queries in the comments section.

    Thanks,
    Akshay Kaushik

    Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.

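The thread raises two separate problems: the schema rejecting an attribute name (the upload error names 'ReferenecId', a misspelling the schema does not declare), and a METADATA URL that points at the tenant's own B2C policy while the issuer override says https://localhost. The pre-flight checker below is an added example written for this page; it is not code from the thread or from Microsoft. It assumes a hand-transcribed table of declared attributes (the real TrustFrameworkPolicy_0.3.0.0.xsd is authoritative), a constructed copy of the question's fragment with the 'ReferenecId' typo placed on the OutputClaim, and a constructed discovery document with a made-up tenant GUID standing in for what the METADATA URL returns.

```python
import json
import xml.etree.ElementTree as ET

# Attributes the B2C policy schema declares on the elements that appear in an
# id_token_hint technical profile. ASSUMPTION: transcribed from my reading of
# TrustFrameworkPolicy_0.3.0.0.xsd; that XSD is authoritative, this is a lint.
DECLARED_ATTRIBUTES = {
    "TechnicalProfile": {"Id"},
    "Protocol": {"Name", "Handler"},
    "Item": {"Key"},
    "Key": {"Id", "StorageReferenceId"},
    "InputClaim": {"ClaimTypeReferenceId", "PartnerClaimType",
                   "DefaultValue", "AlwaysUseDefaultValue"},
    "OutputClaim": {"ClaimTypeReferenceId", "PartnerClaimType",
                    "DefaultValue", "AlwaysUseDefaultValue"},
}

# Constructed sample: the fragment from the question, with the misspelled
# attribute named in the upload error ('ReferenecId') put on the OutputClaim
# so the lint has something to catch. Not the poster's actual line 161.
SAMPLE_POLICY = """<ClaimsProvider>
  <DisplayName>My ID Token Hint ClaimsProvider</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="IdTokenHint_ExtractClaims">
      <DisplayName>My ID Token Hint TechnicalProfile</DisplayName>
      <Protocol Name="None" />
      <Metadata>
        <Item Key="METADATA">https://tenant.b2clogin.com/tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=POLICYNAME</Item>
        <Item Key="IdTokenAudience">1bdf2d2f-6b05-4633-89ab-4444478ss34vvsf</Item>
        <Item Key="issuer">https://localhost</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_IdTokenHintKey" />
      </CryptographicKeys>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ReferenecId="email" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>"""

# Constructed sample: the shape of the OpenID discovery document the METADATA
# URL above returns (the tenant's own B2C policy), with a made-up tenant GUID.
SAMPLE_DISCOVERY_DOC = json.loads("""{
  "issuer": "https://tenant.b2clogin.com/11111111-2222-3333-4444-555555555555/v2.0/",
  "jwks_uri": "https://tenant.b2clogin.com/tenant.onmicrosoft.com/POLICYNAME/discovery/v2.0/keys"
}""")


def local_name(tag):
    """Drop the {namespace} prefix ElementTree keeps on tags and attributes;
    a full TrustFrameworkPolicy file is namespaced, a pasted fragment is not."""
    return tag.rsplit("}", 1)[-1]


def find_undeclared_attributes(policy_xml):
    """Return (element, attribute) pairs the schema would reject, i.e. the
    kind of mistake behind "The 'ReferenecId' attribute is not declared"."""
    problems = []
    for elem in ET.fromstring(policy_xml).iter():
        declared = DECLARED_ATTRIBUTES.get(local_name(elem.tag))
        if declared is None:
            continue  # element not in the table; leave it to the real schema
        for attr in elem.attrib:
            if local_name(attr) not in declared:
                problems.append((local_name(elem.tag), local_name(attr)))
    return problems


def metadata_items(policy_xml):
    """Map every <Item Key="..."> in the profile to its text value."""
    return {elem.get("Key"): (elem.text or "").strip()
            for elem in ET.fromstring(policy_xml).iter()
            if local_name(elem.tag) == "Item"}


def check_issuer_consistency(items, discovery_doc):
    """B2C validates the hint's signature with keys published by the document
    METADATA points at, and expects the iss claim to equal the 'issuer'
    override when one is set. If the two name different issuers, one of them
    is pointing at the wrong service."""
    findings = []
    advertised = discovery_doc.get("issuer")
    override = items.get("issuer")
    if not advertised:
        findings.append("discovery document has no 'issuer' field")
    elif override and override != advertised:
        findings.append(
            f"issuer override {override!r} does not match the issuer "
            f"{advertised!r} advertised at METADATA={items.get('METADATA')!r}; "
            "point METADATA at the service that actually mints the id_token_hint "
            "or drop the override")
    return findings


if __name__ == "__main__":
    for element, attr in find_undeclared_attributes(SAMPLE_POLICY):
        print(f"schema: attribute '{attr}' is not declared on <{element}>")
    for finding in check_issuer_consistency(metadata_items(SAMPLE_POLICY),
                                            SAMPLE_DISCOVERY_DOC):
        print("metadata:", finding)
```

On the sample input the first check reports the misspelled attribute on OutputClaim, and the second reports that https://localhost disagrees with the issuer the tenant's own b2clogin.com metadata advertises, which is the mismatch the answer points at. Treat the issuer finding as a warning rather than a hard failure: an override that deliberately differs from the discovery issuer is a legitimate configuration in some setups, but it should be a conscious choice, not a leftover from a sample.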