Azure AD B2C with AAD SignIn user journey is expecting wrong issuer

Question

Azure AD B2C with AAD SignIn user journey is expecting wrong issuer

Arturo 46

I have setup the AAD Sign In within B2C following the instructions in this documentation article: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom?tabs=applications

The process fails when AAD redirects to the response endpoint on B2C and then being redirected to https://jwt.ms with the follwing message: AADB2C90238:
The provided id_token does not contain a valid issuer. Valid issuer values: 'https://sts.windows.net/<aad-tenant-id>/<b2c-tenant-id>/'. Please provide another token and try again.

Of course this will fail because the token originating from AAD issuer will only be https://sts.windows.net/<aad-tenant-id>

Why is B2C expecting the B2C tenant ID as part of the issuer from AAD?

FrankHu-MSFT 976 Reputation points

2019-11-08T21:52:51.543+00:00

Hey Artmasa, I see this is a duplicate question from https://social.msdn.microsoft.com/Forums/en-US/db46c12d-abc9-4bff-86da-9c24a00232dc/azure-ad-b2c-with-aad-signin-user-journey-is-expecting-wrong-issuer?forum=WindowsAzureAD

Were you able to check if the technical profile was setup properly? If you followed the instructions accordinlgy, this shouldn't be occurring.
FrankHu-MSFT 976 Reputation points

2019-11-08T21:56:19.357+00:00

In addition to that, can you check if you have the validtokenissuerprefixes claim in your custom claims policy?

See here for more information on this claim : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications#add-a-claims-provider
FrankHu-MSFT 976 Reputation points

2019-11-11T19:59:06.187+00:00

Hey Artmasa, could you respond to the comments in regards to this issue for further help?

Thanks,
Arturo 46 Reputation points

2019-11-11T20:25:10.057+00:00

Thank you. I had the wrong value for the prefixes

Accepted answer

0 additional answers

Your answer

FrankHu-MSFT 976 Reputation points

2019-11-08T21:52:51.543+00:00

Hey Artmasa, I see this is a duplicate question from https://social.msdn.microsoft.com/Forums/en-US/db46c12d-abc9-4bff-86da-9c24a00232dc/azure-ad-b2c-with-aad-signin-user-journey-is-expecting-wrong-issuer?forum=WindowsAzureAD

Were you able to check if the technical profile was setup properly? If you followed the instructions accordinlgy, this shouldn't be occurring.
FrankHu-MSFT 976 Reputation points

2019-11-08T21:56:19.357+00:00

In addition to that, can you check if you have the validtokenissuerprefixes claim in your custom claims policy?

See here for more information on this claim : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications#add-a-claims-provider
FrankHu-MSFT 976 Reputation points

2019-11-11T19:59:06.187+00:00

Hey Artmasa, could you respond to the comments in regards to this issue for further help?

Thanks,
Arturo 46 Reputation points

2019-11-11T20:25:10.057+00:00

Thank you. I had the wrong value for the prefixes

Answer 1

Check if you have the validtokenissuerprefixes claim in your custom claims policy

See here for more information on this claim : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications#add-a-claims-provider

Duplicate information here : https://social.msdn.microsoft.com/Forums/en-US/db46c12d-abc9-4bff-86da-9c24a00232dc/azure-ad-b2c-with-aad-signin-user-journey-is-expecting-wrong-issuer?forum=WindowsAzureAD

One of the values were wrong for the prefixes.

Share via

Azure AD B2C with AAD SignIn user journey is expecting wrong issuer

0 additional answers

Your answer