This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 89%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Hi,
I am setting up B2C custom policies with TFA using TOTP.
I have followed the git gub samples.
The orchestration steps works perfect up to Step 7 ( <OrchestrationStep Order="7" Type="ClaimsExchange"> )
The orchestration order 8 failed with the error error_description=AADB2C90047 The resource "http://myserver.aikaan.io/selfasserted-appfactor-registration.html" contains script errors preventing it from being loaded
I have made sure there is no CORS errors, my nginx server config include " add_header Access-Control-Allow-Origin *; "
I do not see any request in access_log of my nginx server.
What am I missing and how do I debug further.
Special attn: @AmanpreetSingh-MSFT
Hi @Chetan Kumar · Thank you for reaching out.
Along with Access-Control-Allow-Origin, try adding below headers
Access-Control-Allow-Credentials
Access-Control-Allow-Methods
Access-Control-Allow-Headers
with the values mentioned under Configure CORS
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @AmanpreetSingh-MSFT ,
Tried adding all the above header, no success.
Another point I want to bring to your notice is, I do not see an access log for "selfasserted-appfactor-registration.html" in my Nginx server. This indicates the request is not reaching my Nginx server.
I get the access logs for /Generate REST path.
Thanks
C
@Chetan Kumar · Yes, getting access logs should help.
Hi @AmanpreetSingh-MSFT ,
I do not see any access logs on my Nginx server. This indicates in orchestration step 8 the B2C authenticator is attempting to connect my server.
Let me rephrase my question and observation.
a. At step 7 ( <OrchestrationStep Order="7" Type="ClaimsExchange"> ), the technical profile TechnicalProfileReferenceId="AppFactor-GenerateTotpWebHook" is executed, B2C authenticator connects to my back-end REST API at the path myserver.aikaan.io/Generate
b. The REST call responds with OutputClaim qrCodeBitmap and secretKey. I have confirmed with application-insights logs these claims are stored.
c. At step 8 (OrchestrationStep Order="8" Type="ClaimsExchange")
While the page http://myserver.aikaan.io/wwwroot/selfasserted-appfactor-registration.html is supposed to display, I get the error_description=AADB2C90047
When I check nginx access logs, I do not see a request from B2C authenticator for the above page
Hi @Chetan Kumar · Could you please share the correlation id that you are getting along with error AADB2C90047?