We have customised policies for login, registration and password reset. All three customisations call one or more RESTful APIs as part of the user journey. We are seeing the same REST API being called multiple times each time a policy runs. For example, on sign-in we can see /login being called twice. In one call the JSON is correctly formatted, but in the other call only the object ID is populated in the request.
We can see in App Insights that the REST API is called twice, so we know that it is being done by B2C. Oddly, even though the header in App Insights shows the call happening twice, the body is captured only once.
Need help, this is driving the team nuts!
<!--
  GenerateLoginBody builds the JSON string that is sent as the body of the login REST call.
  GenerateJson places each input claim in the JSON under the name given by its
  TransformationClaimType, so objectId is emitted as "subjectId" and blackBox as "blackBox".
  The resulting string is stored in the gqlLoginJsonBody claim.
  NOTE(review): in the journey trace captured with this policy the generated body holds only
  subjectId, and no blackBox claim is present in the claims bag at that point. Confirm where
  blackBox is collected; if the API relies on it for a check (not visible here), the API
  should handle a body that lacks it explicitly.
-->
<ClaimsTransformation Id="GenerateLoginBody" TransformationMethod="GenerateJson">
  <InputClaims>
    <!-- Directory object ID of the signed-in user, sent to the API as subjectId. -->
    <InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="subjectId" />
    <InputClaim ClaimTypeReferenceId="blackBox" TransformationClaimType="blackBox" />
  </InputClaims>
  <OutputClaims>
    <!-- "outputClaim" is the fixed output slot of GenerateJson; it receives the JSON text. -->
    <OutputClaim ClaimTypeReferenceId="gqlLoginJsonBody" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>
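<!--
  TFPGQL-SendLoginMutation: RESTful technical profile that sends the JSON held in
  gqlLoginJsonBody as the request body to the login endpoint, authenticates to the API
  with a client certificate, and maps fields of the response to output claims.
  NOTE(review): the captured trace shows this profile started by claims exchange
  LocalAccountSigninEmailExchange_1 at orchestration step 3. A profile that is also listed
  as a validation technical profile of the sign-in page runs once per reference; check for
  a second reference when chasing duplicate calls.
-->
<TechnicalProfile Id="TFPGQL-SendLoginMutation">
  <!-- Was "Send register request to GQL": a copy-paste leftover; this profile calls /login. -->
  <DisplayName>Send login request to GQL</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <!-- Environment-specific (QA) endpoint; it must be changed when the policy is promoted. -->
    <Item Key="ServiceUrl">https://tpappgw.thepools.com/qa_graphql/rest/login</Item>
    <!-- The API side has to validate the presented certificate (for example thumbprint and
         issuer); TLS on its own does not prove that the caller is this B2C tenant. -->
    <Item Key="AuthenticationType">ClientCertificate</Item>
    <Item Key="SendClaimsIn">Body</Item>
    <!-- The content of this claim is sent as the request payload. -->
    <Item Key="ClaimUsedForRequestPayload">gqlLoginJsonBody</Item>
    <Item Key="DefaultUserMessageIfRequestFailed">Cannot process your login right now, please try again later.</Item>
    <!-- Needed so the {Context:IPAddress} resolver in InputClaims is resolved. -->
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
    <!-- NOTE(review): debug mode lets the REST API return extra error detail through the
         policy. Keep it for troubleshooting only and set it to false outside test
         environments, so internal API detail is not exposed to end users. -->
    <Item Key="DebugMode">true</Item>
  </Metadata>
  <CryptographicKeys>
    <!-- Policy key holding the client certificate presented to the REST API. -->
    <Key Id="ClientCertificate" StorageReferenceId="B2C_1A_RestApiClientCertificate" />
  </CryptographicKeys>
  <InputClaimsTransformations>
    <!-- Builds gqlLoginJsonBody before the request is sent. -->
    <InputClaimsTransformation ReferenceId="GenerateLoginBody" />
  </InputClaimsTransformations>
  <InputClaims>
    <!-- NOTE(review): ipAddress is not an input of GenerateLoginBody, so it is presumably
         not part of the payload that is sent; confirm whether the API expects it. -->
    <InputClaim ClaimTypeReferenceId="ipAddress" DefaultValue="{Context:IPAddress}" AlwaysUseDefaultValue="true" />
    <InputClaim ClaimTypeReferenceId="gqlLoginJsonBody" />
  </InputClaims>
  <!-- NOTE(review): PersistedClaims is normally consumed by the directory provider;
       confirm that it has any effect on a RESTful profile before relying on it. -->
  <PersistedClaims>
    <PersistedClaim ClaimTypeReferenceId="ipAddress" />
    <PersistedClaim ClaimTypeReferenceId="blackBox" />
    <PersistedClaim ClaimTypeReferenceId="subjectId" />
    <PersistedClaim ClaimTypeReferenceId="loginSuccess" />
    <PersistedClaim ClaimTypeReferenceId="userBlocked" />
    <PersistedClaim ClaimTypeReferenceId="ioResult" />
    <PersistedClaim ClaimTypeReferenceId="loginErrorMessage" />
    <PersistedClaim ClaimTypeReferenceId="fsError" />
    <PersistedClaim ClaimTypeReferenceId="migrationResponse" />
  </PersistedClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="loginSuccess" />
    <OutputClaim ClaimTypeReferenceId="userBlocked" />
    <OutputClaim ClaimTypeReferenceId="ioResult" />
    <!-- NOTE(review): dotted PartnerClaimType values are resolved as JSON paths only when
         the ResolveJsonPathsInJsonTokens metadata item is true. It is not set here, so
         confirm whether the API returns a nested "error" object or flat keys. -->
    <OutputClaim ClaimTypeReferenceId="loginErrorMessage" PartnerClaimType="error.message" />
    <OutputClaim ClaimTypeReferenceId="fsError" PartnerClaimType="error.fsError" />
    <OutputClaim ClaimTypeReferenceId="migrationResponse" />
    <OutputClaim ClaimTypeReferenceId="subjectId" />
    <OutputClaim ClaimTypeReferenceId="fsId" />
  </OutputClaims>
  <!-- NOTE(review): SM-Noop is presumably the no-op session provider, in which case this
       profile is executed on every journey run, including runs that reuse an existing
       session; verify against the SM-Noop definition in the base policy. -->
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
</TechnicalProfile>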
Application Insights
Policy: b2c_1a_signin
Correlation Id: 6618ff5f-c65b-4421-8f5d-f0a7fa...
App insights timestamp: 2022-11-24 13:47:56
User journey is completed: No
Orchestration steps: 2, 3
Exceptions
Processing of the HTTP request resulted in an exception.
Please see the HTTP response returned by the 'Response' property of this exception for details.
Cannot process your login right now, please try again later.
Technical profiles
SelfAsserted-LocalAccountSignin-Email_2 (SelfAssertedAttributeProvider)
TFPGQL-SendLoginMutation (RestfulProvider)
TFPGQL-SendLoginMutation (RestfulProvider) <--- CALLED TWICE
Claims
authenticationSource: localAccountAuthentication
gqlLoginJsonBody: {"subjectId":"b456720d-b9e9-...."}
ipAddress: 185.xxx.xxx.177
objectId: b456720d-b9e9-4ec0-9e9...
objectIdFromSession: True
signInName: ******@mailinator.com
<snip>....</snip>
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"RecorderRecord": {
"Values": [
{
"Key": "EnabledForUserJourneysTrue",
"Value": {
"Values": [
{
"Key": "CurrentStep",
"Value": 3
},
{
"Key": "TechnicalProfileEnabled",
"Value": {
"EnabledRule": "Always",
"EnabledResult": true,
"TechnicalProfile": "TFPGQL-SendLoginMutation"
}
}
]
}
}
]
},
"PredicateResult": "True"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsClaimsExchangeProtocolARedirectionHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsClaimsExchangeProtocolAnApiHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.SSO.IsSSOSessionParticipantHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "False"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.IsClaimsExchangeProtocolAServiceCallHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"RecorderRecord": {
"Values": [
{
"Key": "InitiatingClaimsExchange",
"Value": {
"ProtocolType": "backend protocol",
"TargetEntity": "LocalAccountSigninEmailExchange_1",
"TechnicalProfileId": "TFPGQL-SendLoginMutation",
"ProtocolProviderType": "RestfulProvider"
}
}
]
},
"PredicateResult": "True"
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.GenerateRequestInputParamsHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": false
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.InputClaimsTransformationHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"Statebag": {
"Complex-CLMS": {
"objectId": "b456720d-b9e9-4ec0-9e...",
"signInName": "******@mailinator.com",
"authenticationSource": "localAccountAuthentication",
"objectIdFromSession": "True",
"gqlLoginJsonBody": "{\"subjectId\":\"b456720d-b9e9-4ec0-9e9...\"}",
"ipAddress": "185.xxx.xxx.177"
}
}
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.PersistedClaimsTransformationHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.OutputClaimsTransformationHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"RecorderRecord": {
"Values": [
{
"Key": "InitiatingClaimsExchange",
"Value": {
"ProtocolType": "backend protocol",
"TargetEntity": "LocalAccountSigninEmailExchange_1",
"TechnicalProfileId": "TFPGQL-SendLoginMutation",
"ProtocolProviderType": "RestfulProvider"
}
}
]
},
"Statebag": {
"MACHSTATE": {
"c": "2022-11-24T13:47:56.7604143Z",
"k": "MACHSTATE",
"v": "Microsoft.Cpim.Common.Web.InvalidResponseException",
"p": true
},
"ComplexItems": "_MachineEventQ, TCTX, ORCH_IDX, REPRM, IC, M_EXCP"
},
"PredicateResult": "True"
}
},
{
"Kind": "Transition",
"Content": {
"EventName": "ClaimsExchange",
"StateName": "Microsoft.Cpim.Common.Web.InvalidResponseException"
}
},
{
"Kind": "Predicate",
"Content": "Web.TPEngine.StateMachineHandlers.NoOpHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"PredicateResult": "True"
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.SSO.SSOSessionEndHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.SendErrorHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true,
"RecorderRecord": {
"Values": [
{
"Key": "SendErrorTechnicalProfile",
"Value": "OpenIdConnectProtocolProvider"
},
{
"Key": "Exception",
"Value": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "Cannot process your login right now, please try again later.",
"Data": {
"IsPolicySpecificError": false
},
"Exception": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.",
"Data": {}
}
}
}
]
},
"Statebag": {
"SE": {
"c": "2022-11-24T13:47:56.8854897Z",
"k": "SE",
"v": "",
"p": true
}
}
}
},
{
"Kind": "Action",
"Content": "Web.TPEngine.StateMachineHandlers.TransactionEndHandler"
},
{
"Kind": "HandlerResult",
"Content": {
"Result": true
}
}