Azure B2C Saml Application configuration issue

Narendrn Balachandran 106 Reputation points
2022-02-01T01:34:17.277+00:00

Hi, I am trying to configure a SAML application and am following this documentation - https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy.

I uploaded the extension file without any issue, but when I try to upload my signup_signin_saml (RP) file I get the error message below:

"Validation failed: 1 validation error(s) found in policy "B2C_1A_SIGNUP_SIGNIN_SAML" of tenant "vuwtestb2c.onmicrosoft.com".User journey 'SignUpOrSignIn' in policy 'B2C_1A_signup_signin_saml' of tenant .onmicrosoft.com' has 2 sendClaims steps. Please specify a DefaultCpimIssuerTechnicalProfileReferenceId attribute set to the default issuer technical profile reference id.User journey 'SignUpOrSignIn' in policy 'B2C_1A_signup_signin_saml' of tenant 'vuwtestb2c.onmicrosoft.com' has 2 sendClaims steps. Please specify a DefaultCpimIssuerTechnicalProfileReferenceId attribute set to the default issuer technical profile reference id."

I did try to completely reconfigure the custom policy but still the same issue.

Regards,

Narendrn


Accepted answer
AmanpreetSingh-MSFT 56,871 Reputation points Moderator
2022-02-01T05:18:18.623+00:00

    Hi @Narendrn Balachandran • Thank you for reaching out.

    Looking at the error you are getting, you have 2 Orchestration Steps with Type="SendClaims" in your policy files. I suspect you have configured the same orchestration step under the Extensions file as well as the RP file. This is why the Extensions file gets uploaded successfully, and when you upload the RP file it finds an OrchestrationStep of this type already existing in the Extensions file and throws the error.

    As per the document, the step below needs to be added to the RP file:

      <UserJourneys>
        <UserJourney Id="SignUpOrSignIn">
          <OrchestrationSteps>
            <OrchestrationStep Order="7" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="Saml2AssertionIssuer"/>
          </OrchestrationSteps>
        </UserJourney>
      </UserJourneys>


    If you have configured the same step in the Extensions file under <UserJourney Id="SignUpOrSignIn">, you need to replace it with the step below:

      <OrchestrationStep Order="7" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />


    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
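The condition the validator complains about can be checked locally before uploading. The following is an added example (not code from the page, the question author, or Microsoft): it folds the policy files in inheritance order, assumes the B2C inheritance rule that a step with the same Order in a later file replaces the earlier one, and reports any user journey that ends up with more than one SendClaims step and no DefaultCpimIssuerTechnicalProfileReferenceId. The sample policies are constructed and model the case where the base file's SendClaims step sits at a different Order than the RP file's step 7.

```python
import xml.etree.ElementTree as ET

NS_URI = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
NS = "{" + NS_URI + "}"

def journeys(policy_xml):
    """Return {journey_id: (default_issuer, {order: step_element})} for one policy file."""
    root = ET.fromstring(policy_xml)
    result = {}
    for uj in root.iter(NS + "UserJourney"):
        steps = {int(s.get("Order")): s for s in uj.iter(NS + "OrchestrationStep")}
        result[uj.get("Id")] = (uj.get("DefaultCpimIssuerTechnicalProfileReferenceId"), steps)
    return result

def merge(policy_files):
    """Fold files base -> extensions -> RP. Assumed inheritance rule: a step with the
    same Order in a later file replaces the earlier one; other steps are kept."""
    merged = {}
    for policy_xml in policy_files:
        for jid, (default_issuer, steps) in journeys(policy_xml).items():
            cur_default, cur_steps = merged.get(jid, (None, {}))
            merged[jid] = (default_issuer or cur_default, {**cur_steps, **steps})
    return merged

def find_send_claims_conflicts(policy_files):
    """List (journey_id, [issuer ids]) for journeys that would trigger the
    'has N sendClaims steps' validation error after merging."""
    problems = []
    for jid, (default_issuer, steps) in merge(policy_files).items():
        issuers = [s.get("CpimIssuerTechnicalProfileReferenceId")
                   for _, s in sorted(steps.items()) if s.get("Type") == "SendClaims"]
        if len(issuers) > 1 and not default_issuer:
            problems.append((jid, issuers))
    return problems

def policy(step_xml, journey_attrs=""):
    """Wrap orchestration steps in a minimal TrustFrameworkPolicy (constructed sample)."""
    return (f'<TrustFrameworkPolicy xmlns="{NS_URI}"><UserJourneys>'
            f'<UserJourney Id="SignUpOrSignIn"{journey_attrs}><OrchestrationSteps>'
            f'{step_xml}</OrchestrationSteps></UserJourney></UserJourneys></TrustFrameworkPolicy>')

SIGNIN = '<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"/>'
JWT = 'Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>'
SAML = 'Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="Saml2AssertionIssuer"/>'
EXTENSIONS_BAD = policy(SIGNIN + '<OrchestrationStep Order="3" ' + JWT)    # JwtIssuer at step 3
EXTENSIONS_FIXED = policy(SIGNIN + '<OrchestrationStep Order="7" ' + JWT)  # JwtIssuer at step 7
RP_SAML = policy('<OrchestrationStep Order="7" ' + SAML)                   # RP overrides step 7

if __name__ == "__main__":
    print(find_send_claims_conflicts([EXTENSIONS_BAD, RP_SAML]))    # one journey, two issuers
    print(find_send_claims_conflicts([EXTENSIONS_FIXED, RP_SAML]))  # []
```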

