We are trying to block the federated user from Azure AD B2C custom policies.

We are following the sample from https://github.com/azure-ad-b2c/samples/tree/master/policies/disable-social-account-from-logon

Issue:

When running the custom policies with our SAML assertion from the samples, when the federated user is logged in from the external IdP, the page below is triggered.

The page after sign-in of the federated user, with the output claim of federated user details.

B2C URL: https://tenant.b2clogin.com/tenant.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

I need to skip this page and make a silent sign-up of the user to the generated objectId in AD B2C using the AAD-CreateAlternativeSecurityId technical profile.

Issue 2: Even with this page, when I press Continue, it throws the error "Unable to validate the information provided." I am not sure about this validation or how to overcome this error.

In short, I need help on how to create a federated user in Azure AD B2C automatically from the custom policies during sign-in and update extended user attributes for the federated user.

tejkal123
  • `unable to find the user information in the azure ad b2c tenant` -> do you mean in the Azure Portal? `only smal assertions output claims are displayed.` -> specifically what and where? and what are you expecting to see? what is `azure ad b2c users list`? Is that in the Azure Portal? If the users are being created, then you don't need to recreate them. – Jas Suri - MSFT Feb 01 '22 at 13:50
  • My bad in explaining; I have updated the question now. @JasSuri-MSFT, can you suggest? Thank you – tejkal123 Feb 01 '22 at 14:29

1 Answer

Remove the orchestration step which references the SelfAsserted-Social technical profile. This technical profile will ask the user to provide more information (displayName, givenName, surName) after sign up with a Social Account.

If these claims are mapped appropriately with the social account technical profile, then they will just get written to the directory in a later step by default.

To troubleshoot your policy, follow this.

Jas Suri - MSFT
  • Yes, I tried to remove the orchestration step which referred to the SelfAsserted-Social technical profile and got the below error message: AADB2C90037: An error occurred while processing the request. Please contact administrator of the site you are trying to access. – tejkal123 Feb 03 '22 at 09:50
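
The edit described in the answer above, as an added example that is not part of the original thread or of the linked sample: a Python helper that removes the claims exchange referencing `SelfAsserted-Social` from a user journey and renumbers the remaining `Order` attributes so the sequence has no gap. The journey is a constructed sample, `Example-SAML-IdP` is a placeholder profile id, and the other profile ids are assumed to match the B2C starter pack.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"  # B2C policy namespace
Q = "{" + NS + "}"
ET.register_namespace("", NS)  # keep the default namespace on output

def sample_journey():
    """Constructed journey; 'Example-SAML-IdP' is a placeholder profile id."""
    refs = ["Example-SAML-IdP", "AAD-UserReadUsingAlternativeSecurityId-NoError",
            "SelfAsserted-Social", "AAD-UserWriteUsingAlternativeSecurityId"]
    steps = "".join(
        f'<OrchestrationStep Order="{i}" Type="ClaimsExchange"><ClaimsExchanges>'
        f'<ClaimsExchange Id="Step{i}" TechnicalProfileReferenceId="{r}" />'
        f'</ClaimsExchanges></OrchestrationStep>' for i, r in enumerate(refs, 1))
    steps += ('<OrchestrationStep Order="5" Type="SendClaims" '
              'CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />')
    return (f'<UserJourney xmlns="{NS}" Id="SignUpOrSignIn"><OrchestrationSteps>'
            f'{steps}</OrchestrationSteps></UserJourney>')

def remove_step(journey_xml, profile_id):
    """Remove claims exchanges that reference profile_id, drop steps left
    empty, and renumber Order so the sequence has no gap."""
    journey = ET.fromstring(journey_xml)
    steps_el = journey.find(Q + "OrchestrationSteps")
    removed = 0
    for step in list(steps_el):
        box = step.find(Q + "ClaimsExchanges")
        if box is None:
            continue  # e.g. the SendClaims step has no claims exchanges
        for ex in list(box):
            if ex.get("TechnicalProfileReferenceId") == profile_id:
                box.remove(ex)
                removed += 1
        if len(box) == 0:
            steps_el.remove(step)
    for order, step in enumerate(steps_el, 1):
        step.set("Order", str(order))
    return ET.tostring(journey, encoding="unicode"), removed

def step_summary(journey_xml):
    """Return (Order, Type, [referenced profile ids]) for each step."""
    journey = ET.fromstring(journey_xml)
    return [(int(s.get("Order")), s.get("Type"),
             [e.get("TechnicalProfileReferenceId") for e in s.iter(Q + "ClaimsExchange")])
            for s in journey.iter(Q + "OrchestrationStep")]

if __name__ == "__main__":
    patched, count = remove_step(sample_journey(), "SelfAsserted-Social")
    print(count, step_summary(patched))
```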