This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV6%3C/text%3E%3C/svg%3E)
I am trying to upload a custom policy in B2C from the Identity Experience Framework >> Upload Custom Policy.
I get the following error:
Validation failed: 1 Validation error found in policy "B2C_1A_TRUSTFRAMEWORKBASE" of tenant "mytenantname.onMicrosoft.com". Tenant "mytenantname.onMicrosoft.com" does not have a CryptographicKey referenced by storageReferenceId "B2C_1A_". Tenant "mytenantname.onMicrosoft.com" does not have a CryptographicKey referenced by storageReferenceId "B2C_1A_".
If am following these steps: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy
Figured it out finally.
I had to replace all occurrences of StorageReferenceId with a value of "B2C_1A_TokenSigningKeyContainer", some of them only had "B2C_1A_"
<CryptographicKeys>
<Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
</CryptographicKeys>
Thank you for your post and I apologize for the delayed response!
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to accept the answer.
Error Message:
Validation failed: 1 Validation error found in policy "B2C_1A_TRUSTFRAMEWORKBASE" of tenant... Tenant "mytenantname.onMicrosoft.com" does not have a CryptographicKey referenced by storageReferenceId "B2C_1A_"...
Issue:
When trying to upload a custom policy in your B2C tenant within Identity Experience Framework, you kept running into the error message above regarding your tenant not having the
CryptographicKeyreferenced by thestorageReferenceIdwithin your custom policy.
Solution:
You resolved your issue by replacing all of the occurrences of
StorageReferenceIdwith a value of -B2C_1A_TokenSigningKeyContainer, since some of the values within your custom policy only hadB2C_1A_.
<CryptographicKeys> <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" /> </CryptographicKeys>
If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.
I hope this helps!
If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 34%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFO%3C/text%3E%3C/svg%3E)
I also follow the article https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#create-the-signing-key it specifies a name for the Key however it doesn't say it should be mandatory to follow that, I thought I would be just an example and tried to use another name and got the same error. Again, I understand it was my fault for not entering the name that was asked, but it would be good to have a note saying "If you don't use these names you will not be able to upload the files"