Azure B2C SAML User Journey Error

Caleb Abernathy 0 Reputation points

My assumption is that there is no way to connect to B2C via SAML without using a custom policy, correct? We have constructed a B2C Custom policy using the MS Learn documentation, but are getting this error while logging in.

When we look in application insights, we see this error: The user journey 'SignUpOrSigninSAML' does not specify first step or the first step is not a claims exchange. Attached is our Custom Policy which does have a first step and does have a claim exchange step. Not sure what we are missing. Would love any feedback on our approach or issues in our Custom Policy! Thank you!

Microsoft Entra External ID

1 answer

  1. VasimTamboli 4,420 Reputation points

    The error message "The user journey 'SignUpOrSigninSAML' does not specify first step or the first step is not a claims exchange" indicates that there is either no first step defined in your user journey or the first step is not a claims exchange step.

    To troubleshoot this issue, you can try the following steps:

    1. Check your custom policy XML file to ensure that the user journey is defined correctly and that the first step is a claims exchange step. You can use a tool like XML Notepad or Visual Studio Code to validate the XML structure of your custom policy.
    2. Check your application's SAML configuration to ensure that it is correctly configured to use your custom policy. Make sure that the SAML configuration is pointing to the correct B2C tenant and that the policy ID is set correctly.
    3. Check the application insights logs for any additional error messages or details that might help diagnose the issue. Look for any errors or exceptions related to the SAML authentication process.
    4. If you are still having issues, you may want to consider reaching out to Microsoft support for further assistance.

    It's worth noting that while it is possible to connect to Azure B2C via SAML without a custom policy, you may need to use a custom policy if you require additional customization or functionality that is not available through the standard B2C policies.

    3 people found this answer helpful.
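A small validator, added here as an illustration and not part of the question or the answer above, that parses a B2C custom policy with Python's standard library and reports the facts the error message refers to for a named user journey: whether it exists, what Type its lowest-Order step has, whether the Order values run 1..n without gaps, and whether every claims exchange a ClaimsProviderSelection points at is actually defined. The policy fragment is constructed in the shape of the MS Learn SAML journey; the policy attached to the question is not available here, so point the function at your own file instead.

```python
import xml.etree.ElementTree as ET

# Namespace used by every Azure AD B2C TrustFrameworkPolicy file.
NS = {"cpim": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

def audit_user_journey(policy_xml: str, journey_id: str) -> dict:
    """Report what the 'does not specify first step' error is about: journey present,
    Type of the first step, contiguous Order values, and unresolved ClaimsExchange Ids."""
    root = ET.fromstring(policy_xml)
    journey = root.find(
        f".//cpim:UserJourneys/cpim:UserJourney[@Id='{journey_id}']", NS)
    if journey is None:
        return {"found": False}
    steps = journey.findall("cpim:OrchestrationSteps/cpim:OrchestrationStep", NS)
    orders = sorted(int(s.get("Order", "0")) for s in steps)
    first = min(steps, key=lambda s: int(s.get("Order", "0")), default=None)
    # A selection names its exchange via TargetClaimsExchangeId or ValidationClaimsExchangeId.
    referenced = {sel.get(a) for s in steps
                  for sel in s.findall("cpim:ClaimsProviderSelections/cpim:ClaimsProviderSelection", NS)
                  for a in ("TargetClaimsExchangeId", "ValidationClaimsExchangeId") if sel.get(a)}
    defined = {x.get("Id") for s in steps
               for x in s.findall("cpim:ClaimsExchanges/cpim:ClaimsExchange", NS)}
    return {
        "found": True,
        "step_count": len(steps),
        "first_step_type": first.get("Type") if first is not None else None,
        "orders_contiguous": orders == list(range(1, len(steps) + 1)),
        "unresolved_exchange_ids": sorted(referenced - defined),
    }

# Constructed sample in the shape of the documented SAML journey; not the asker's attachment.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="example.onmicrosoft.com" PolicyId="B2C_1A_Example">
  <UserJourneys>
    <UserJourney Id="SignUpOrSigninSAML">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <OrchestrationStep Order="2" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="Saml2AssertionIssuer" />
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>"""
```

Run it against the extensions or relying-party file that actually defines the journey, since `found` is False when the journey lives in another file of the policy set.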