Last active
March 20, 2023 06:39
-
-
Save rbrayb/1bf276e16f8078c40c45ee9f74a72c6f to your computer and use it in GitHub Desktop.
Tracing a weird exception on Azure AD B2C
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" standalone="yes"?> | |
| <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
| xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" | |
| PolicyId="B2C_1A_HTML_Error" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_HTML_Error" | |
| DeploymentMode="Development" | |
| UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"> | |
| <!-- Web.TPEngine.StateMachineHandlers.SendErrorResponseToXmlHttpRequestClient --> | |
| <BasePolicy> | |
| <TenantId>yourtenant.onmicrosoft.com</TenantId> | |
| <PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId> | |
| </BasePolicy> | |
| <BuildingBlocks> | |
| <ClaimsSchema> | |
| <ClaimType Id="extension_a"> | |
| <DisplayName>Extension A</DisplayName> | |
| <DataType>string</DataType> | |
| <UserInputType>TextBox</UserInputType> | |
| </ClaimType> | |
| <ClaimType Id="extension_b"> | |
| <DisplayName>Extension B</DisplayName> | |
| <DataType>string</DataType> | |
| <UserInputType>TextBox</UserInputType> | |
| </ClaimType> | |
| <ClaimType Id="extension_dob"> | |
| <DisplayName>Extension DoB</DisplayName> | |
| <DataType>dateTime</DataType> | |
| <UserInputType>TextBox</UserInputType> | |
| </ClaimType> | |
| <ClaimType Id="accountEnabled"> | |
| <UserInputType>TextBox</UserInputType> | |
| </ClaimType> | |
| </ClaimsSchema> | |
| </BuildingBlocks> | |
| <ClaimsProviders> | |
| <ClaimsProvider> | |
| <DisplayName>Self-Asserted</DisplayName> | |
| <TechnicalProfiles> | |
| <TechnicalProfile Id="Get-Email"> | |
| <DisplayName>Get email</DisplayName> | |
| <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/> | |
| <Metadata> | |
| <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item> | |
| </Metadata> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="email"/> | |
| </OutputClaims> | |
| <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/> | |
| </TechnicalProfile> | |
| <TechnicalProfile Id="SelfAsserted-HTML"> | |
| <DisplayName>Display fields</DisplayName> | |
| <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/> | |
| <Metadata> | |
| <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item> | |
| </Metadata> | |
| <InputClaims> | |
| <InputClaim ClaimTypeReferenceId="accountEnabled"/> | |
| <InputClaim ClaimTypeReferenceId="givenName"/> | |
| <InputClaim ClaimTypeReferenceId="surname"/> | |
| <InputClaim ClaimTypeReferenceId="extension_a"/> | |
| <InputClaim ClaimTypeReferenceId="extension_b"/> | |
| <InputClaim ClaimTypeReferenceId="extension_dob"/> | |
| </InputClaims> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="accountEnabled"/> | |
| <OutputClaim ClaimTypeReferenceId="givenName"/> | |
| <OutputClaim ClaimTypeReferenceId="surname"/> | |
| <OutputClaim ClaimTypeReferenceId="extension_a"/> | |
| <OutputClaim ClaimTypeReferenceId="extension_b"/> | |
| <OutputClaim ClaimTypeReferenceId="extension_dob"/> | |
| </OutputClaims> | |
| <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/> | |
| </TechnicalProfile> | |
| </TechnicalProfiles> | |
| </ClaimsProvider> | |
| </ClaimsProviders> | |
| <UserJourneys> | |
| <UserJourney Id="HTML"> | |
| <OrchestrationSteps> | |
| <OrchestrationStep Order="1" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="Get-Email" TechnicalProfileReferenceId="Get-Email"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <!-- Check if the user has selected to sign in using one of the social providers --> | |
| <OrchestrationStep Order="2" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="AAD-UserReadUsingEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <OrchestrationStep Order="3" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="SelfAsserted-HTML" TechnicalProfileReferenceId="SelfAsserted-HTML"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/> | |
| </OrchestrationSteps> | |
| <ClientDefinition ReferenceId="DefaultWeb"/> | |
| </UserJourney> | |
| </UserJourneys> | |
| <RelyingParty> | |
| <DefaultUserJourney ReferenceId="HTML"/> | |
| <UserJourneyBehaviors> | |
| <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="xyz" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/> | |
| </UserJourneyBehaviors> | |
| <TechnicalProfile Id="PolicyProfile"> | |
| <DisplayName>PolicyProfile</DisplayName> | |
| <Protocol Name="OpenIdConnect"/> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="displayName"/> | |
| <OutputClaim ClaimTypeReferenceId="givenName"/> | |
| <OutputClaim ClaimTypeReferenceId="surname"/> | |
| <OutputClaim ClaimTypeReferenceId="email"/> | |
| <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/> | |
| <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/> | |
| </OutputClaims> | |
| <SubjectNamingInfo ClaimType="sub"/> | |
| </TechnicalProfile> | |
| </RelyingParty> | |
| </TrustFrameworkPolicy> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8" standalone="yes"?> | |
| <TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xmlns:xsd="http://www.w3.org/2001/XMLSchema" | |
| xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" | |
| PolicyId="B2C_1A_HTML_Error" PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_HTML_Error" | |
| DeploymentMode="Development" | |
| UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"> | |
| <!-- Web.TPEngine.StateMachineHandlers.SendErrorResponseToXmlHttpRequestClient --> | |
| <BasePolicy> | |
| <TenantId>yourtenant.onmicrosoft.com</TenantId> | |
| <PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId> | |
| </BasePolicy> | |
| <BuildingBlocks> | |
| <ClaimsSchema> | |
| <ClaimType Id="extension_a"> | |
| <DataType>string</DataType> | |
| </ClaimType> | |
| <ClaimType Id="extension_b"> | |
| <DataType>string</DataType> | |
| </ClaimType> | |
| </ClaimsSchema> | |
| </BuildingBlocks> | |
| <ClaimsProviders> | |
| <ClaimsProvider> | |
| <DisplayName>Self-Asserted</DisplayName> | |
| <TechnicalProfiles> | |
| <TechnicalProfile Id="Get-Email"> | |
| <DisplayName>Get email</DisplayName> | |
| <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/> | |
| <Metadata> | |
| <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item> | |
| </Metadata> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="email"/> | |
| </OutputClaims> | |
| <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/> | |
| </TechnicalProfile> | |
| <TechnicalProfile Id="SelfAsserted-HTML"> | |
| <DisplayName>Display fields</DisplayName> | |
| <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/> | |
| <Metadata> | |
| <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item> | |
| </Metadata> | |
| <InputClaims> | |
| <InputClaim ClaimTypeReferenceId="accountEnabled"/> | |
| <InputClaim ClaimTypeReferenceId="givenName"/> | |
| <InputClaim ClaimTypeReferenceId="surname"/> | |
| <InputClaim ClaimTypeReferenceId="extension_a"/> | |
| <InputClaim ClaimTypeReferenceId="extension_b"/> | |
| </InputClaims> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="accountEnabled"/> | |
| <OutputClaim ClaimTypeReferenceId="givenName"/> | |
| <OutputClaim ClaimTypeReferenceId="surname"/> | |
| <OutputClaim ClaimTypeReferenceId="extension_a"/> | |
| <OutputClaim ClaimTypeReferenceId="extension_b"/> | |
| </OutputClaims> | |
| <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/> | |
| </TechnicalProfile> | |
| </TechnicalProfiles> | |
| </ClaimsProvider> | |
| </ClaimsProviders> | |
| <UserJourneys> | |
| <UserJourney Id="HTML"> | |
| <OrchestrationSteps> | |
| <OrchestrationStep Order="1" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="Get-Email" TechnicalProfileReferenceId="Get-Email"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <!-- Check if the user has selected to sign in using one of the social providers --> | |
| <OrchestrationStep Order="2" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="AAD-UserReadUsingEmailAddress" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <OrchestrationStep Order="3" Type="ClaimsExchange"> | |
| <ClaimsExchanges> | |
| <ClaimsExchange Id="SelfAsserted-HTML" TechnicalProfileReferenceId="SelfAsserted-HTML"/> | |
| </ClaimsExchanges> | |
| </OrchestrationStep> | |
| <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/> | |
| </OrchestrationSteps> | |
| <ClientDefinition ReferenceId="DefaultWeb"/> | |
| </UserJourney> | |
| </UserJourneys> | |
| <RelyingParty> | |
| <DefaultUserJourney ReferenceId="HTML"/> | |
| <UserJourneyBehaviors> | |
| <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="xyz" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0"/> | |
| </UserJourneyBehaviors> | |
| <TechnicalProfile Id="PolicyProfile"> | |
| <DisplayName>PolicyProfile</DisplayName> | |
| <Protocol Name="OpenIdConnect"/> | |
| <OutputClaims> | |
| <OutputClaim ClaimTypeReferenceId="displayName"/> | |
| <OutputClaim ClaimTypeReferenceId="givenName"/> | |
| <OutputClaim ClaimTypeReferenceId="surname"/> | |
| <OutputClaim ClaimTypeReferenceId="email"/> | |
| <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/> | |
| <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}"/> | |
| </OutputClaims> | |
| <SubjectNamingInfo ClaimType="sub"/> | |
| </TechnicalProfile> | |
| </RelyingParty> | |
| </TrustFrameworkPolicy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://medium.com/the-new-control-plane/tracing-a-weird-exception-on-azure-ad-b2c-f4c104fd6ca7