Azure AD B2C Change Password Custom Policy returns Invalid Username or password error while trying to change password

Sunny 1 Reputation point
2022-08-30T14:46:10.927+00:00

I am trying to change the password using AD B2C Change Password Custom policy immediately after creating it using the Sign Up custom policy. But I am getting an error saying 'Invalid Username or password.' Could you please let me know if I am missing anything in my Change Password Custom policy given below?

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>  
<TrustFrameworkPolicy  
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"  
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"  
  PolicySchemaVersion="0.3.0.0"  
  TenantId="testb2ctest.onmicrosoft.com"  
  PolicyId="B2C_1A_L_PASSWORDCHANGE"  
  PublicPolicyUri="http://testb2ctest.onmicrosoft.com/B2C_1A_L_PASSWORDCHANGE">  
  
  <BasePolicy>  
    <TenantId>testb2ctest.onmicrosoft.com</TenantId>  
    <PolicyId>B2C_1A_L_TrustFrameworkExtensions</PolicyId>  
  </BasePolicy>  
  
  <RelyingParty>  
    <DefaultUserJourney ReferenceId="PasswordChange" />  
    <TechnicalProfile Id="PolicyProfile">  
      <DisplayName>PolicyProfile</DisplayName>  
      <Protocol Name="OpenIdConnect" />  
      <OutputClaims>  
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>  
      </OutputClaims>  
      <SubjectNamingInfo ClaimType="sub" />  
    </TechnicalProfile>  
  </RelyingParty>  
</TrustFrameworkPolicy>  

3 answers

  1. JimmySalian-2011 42,486 Reputation points
    2022-08-30T14:58:10.797+00:00

    Hi,

    Just to check if the policy is for PasswordChange and not for PasswordReset? As both the scenarios are different for Password:

    PasswordChange:

    236186-image.png

    PasswordReset

    236195-image.png

    Please check the workflow.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. Sunny 1 Reputation point
    2022-08-30T15:31:00.917+00:00

    Hi Jimmy,
    Thanks for your reply. Sorry for the confusion, it's for Password Change and not for Password Reset. I have updated my question now. Could you please let me know if I am missing anything on my custom policy? Thanks.


  3. James Hamil 27,211 Reputation points Microsoft Employee Moderator
    2022-09-02T19:07:58.887+00:00

    Hi @Sunny, I'm sorry you're having this problem. This is a pretty common problem with a few documents/threads that can help you resolve it. From this SO thread:

    "Claim names between user flow and custom policies are different, so here when it’s trying to verify the old password, the user's identifier ends up being null. Use custom policies OR user flows, do not combine."

    If you are using both, this may be the case. This GitHub thread should help with details.

    Another thread here details a more complex issue that may be causing this.

    Please review these documents and let me know if they help. If not I can help you further.

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James
