
I am using Azure AD B2C custom policies; my requirement is to block the user from reusing any of their last 10 passwords. So I am trying to store the password using a password reset custom policy. I took the reference from here. I am getting an internal server error.

Exception Message:An internal error has occurred., CorrelationID:ce643089-eec8-496f-96b6-275fa705c0dd

<?xml version="1.0" encoding="UTF-8"?>
<!-- Azure AD B2C relying-party policy: password reset with a password-history check.
     It extends B2C_1A_TrustFrameworkExtensions and inserts a REST validation step that sends a
     salted hash of the new password to an external service before the password is written to the
     directory. Only the hash (never the plaintext) is sent to that service. -->
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicySchemaVersion="0.3.0.0" TenantId="XXX.onmicrosoft.com" PolicyId="B2C_1A_HISTORYResetPassword" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights" PublicPolicyUri="http://XXX.onmicrosoft.com/B2C_1A_HISTORYResetPassword">
   <BasePolicy>
      <TenantId>XXX.onmicrosoft.com</TenantId>
      <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
   </BasePolicy>
   <BuildingBlocks>
      <ClaimsSchema>
         <!-- Result flag surfaced in the issued token. NOTE(review): ValidatePasswordHash declares no
              OutputClaims, so nothing in this file ever assigns this claim; it only ever carries the
              DefaultValue set on the self-asserted profile below. -->
         <ClaimType Id="IsPasswordValid">
            <DisplayName>password is valid</DisplayName>
            <DataType>boolean</DataType>
            <!-- NOTE(review): help text says 5 while the stated requirement is 10. The history depth is
                 presumably enforced by the REST service, not by this policy; align the text once confirmed. -->
            <UserHelpText>password is not one of past 5 passwords</UserHelpText>
         </ClaimType>
         <!-- JSON request body produced by GeneratePassHashBody and sent verbatim as the REST payload. -->
         <ClaimType Id="userPassHash">
            <DisplayName>request JSON body for user password hash info</DisplayName>
            <DataType>string</DataType>
            <UserHelpText>request JSON body for user password hash info</UserHelpText>
         </ClaimType>
         <!-- Salted hash of newPassword produced by HashPasswordWithEmail. -->
         <ClaimType Id="hashedPassword">
            <DisplayName>Hashed password</DisplayName>
            <DataType>string</DataType>
         </ClaimType>
      </ClaimsSchema>
      <ClaimsTransformations>
         <!-- Hash(plaintext=newPassword, salt=email, randomizerSecret) -> hashedPassword.
              Using the account email as salt makes the hash deterministic per account, which is what lets
              the service compare it against previously stored hashes. randomizerSecret must name an
              existing policy key (B2C_1A_AccountTransformSecret); if that key does not exist in the tenant
              the transformation presumably fails at runtime, which is one candidate for the reported
              internal error. -->
         <ClaimsTransformation Id="HashPasswordWithEmail" TransformationMethod="Hash">
            <InputClaims>
               <InputClaim ClaimTypeReferenceId="newPassword" TransformationClaimType="plaintext" />
               <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="salt" />
            </InputClaims>
            <InputParameters>
               <InputParameter Id="randomizerSecret" DataType="string" Value="B2C_1A_AccountTransformSecret" />
            </InputParameters>
            <OutputClaims>
               <OutputClaim ClaimTypeReferenceId="hashedPassword" TransformationClaimType="hash" />
            </OutputClaims>
         </ClaimsTransformation>
         <!-- Builds {"username": <objectId>, "hash": <hashedPassword>} into userPassHash. -->
         <ClaimsTransformation Id="GeneratePassHashBody" TransformationMethod="GenerateJson">
            <InputClaims>
               <!-- NOTE(review): "objectid" differs in case from "objectId" used by the self-asserted
                    profile's InputClaims and the relying-party OutputClaims in this file. If claim
                    references are case-sensitive this points at an undeclared claim; confirm and unify. -->
               <InputClaim ClaimTypeReferenceId="objectid" TransformationClaimType="username" />
               <InputClaim ClaimTypeReferenceId="hashedPassword" TransformationClaimType="hash" />
            </InputClaims>
            <OutputClaims>
               <OutputClaim ClaimTypeReferenceId="userPassHash" TransformationClaimType="outputClaim" />
            </OutputClaims>
         </ClaimsTransformation>
      </ClaimsTransformations>
   </BuildingBlocks>
   <ClaimsProviders>
      <ClaimsProvider>
         <DisplayName>Password reset overrides</DisplayName>
         <TechnicalProfiles>
            <!-- SECURITY: EnforceEmailVerification=false lets anyone who knows an account's email skip the
                 verification code and proceed straight to setting a new password. Tolerable only while
                 debugging; set it back to true (or drop this override) before real users can reach the
                 policy. -->
            <TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
               <Metadata>
                  <Item Key="EnforceEmailVerification">false</Item>
               </Metadata>
            </TechnicalProfile>
         </TechnicalProfiles>
      </ClaimsProvider>
      <ClaimsProvider>
         <DisplayName>Technical Profiles For Checking Password History</DisplayName>
         <TechnicalProfiles>
            <!-- REST validation profile. Per the RESTful provider contract a non-2xx response fails the
                 validation step (a 409 carrying a userMessage shows that message to the user); because no
                 OutputClaims are declared, the response body is otherwise ignored. -->
            <TechnicalProfile Id="ValidatePasswordHash">
               <DisplayName>Validate that new password is not one of past 5 passwords</DisplayName>
               <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
               <Metadata>
                  <!-- Update the ServiceUrl with the URL of your password hash service, e.g. passhash.azurewebsites.net.
                       SECURITY: the ?code= query string is an Azure Functions key, i.e. a credential embedded in
                       the policy (and now posted publicly); rotate it. Prefer the ApiKeyHeader authentication
                       type with the key stored as a policy key instead of a key in the URL. -->
                  <Item Key="ServiceUrl">https://XXX.azurewebsites.net/api/ValidatePasswordHash?code=9AWILE36B_BAJJtRrnX0ASyHMIbyK_ZFgoxiUR1OCBxyAzFugayEsA==</Item>
                  <!-- Basic authentication requires the BasicAuthenticationUsername and BasicAuthenticationPassword
                       cryptographic keys; they are commented out below, which is a likely cause of the reported
                       internal error. Either restore the keys or use AuthenticationType None while testing. -->
                  <Item Key="AuthenticationType">Basic</Item>
                  <!-- DeploymentMode is Development here, so this flag currently has no effect; do not leave it
                       true when switching the policy to Production. -->
                  <Item Key="AllowInsecureAuthInProduction">true</Item>
                  <Item Key="SendClaimsIn">Body</Item>
                  <!-- The UserMessageIf* items are user-facing error strings, not flags; the placeholder values
                       below ("teset1", "true", "...121212") should be replaced with real messages before go-live. -->
                  <Item Key="UserMessageIfDnsResolutionFailed">UserMessageIfRequestTimeout121212</Item>
                  <Item Key="UserMessageIfRequestTimeout">teset1</Item>
                  <Item Key="UserMessageIfCircuitOpen">true</Item>
                  <!-- Send the pre-built JSON in userPassHash as the raw request body rather than a claims object. -->
                  <Item Key="ClaimUsedForRequestPayload">userPassHash</Item>
                  <Item Key="DefaultUserMessageIfRequestFailed">Cannot process your request right now, please try again later.</Item>
               </Metadata>
               <!-- Required by AuthenticationType=Basic above; currently disabled. -->
               <!-- <CryptographicKeys>
                    <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_MyClientId" />
                    <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_MyClientSecret" />
                  </CryptographicKeys> -->
               <!-- Run in order: compute the hash first, then build the JSON body from it. -->
               <InputClaimsTransformations>
                  <InputClaimsTransformation ReferenceId="HashPasswordWithEmail" />
                  <InputClaimsTransformation ReferenceId="GeneratePassHashBody" />
               </InputClaimsTransformations>
               <InputClaims>
                  <InputClaim ClaimTypeReferenceId="userPassHash" />
               </InputClaims>
            </TechnicalProfile>
         </TechnicalProfiles>
      </ClaimsProvider>
      <ClaimsProvider>
         <DisplayName>AAD Overrides</DisplayName>
         <TechnicalProfiles>
            <!-- Self-asserted page that collects the new password. Validation profiles run in order: the REST
                 history check first, then the directory write, so a rejected password is never written. -->
            <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId-ForHistory">
               <DisplayName>Change password (username)</DisplayName>
               <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
               <Metadata>
                  <Item Key="ContentDefinitionReferenceId">api.localaccountpasswordreset</Item>
               </Metadata>
               <CryptographicKeys>
                  <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
               </CryptographicKeys>
               <InputClaims>
                  <InputClaim ClaimTypeReferenceId="objectId" />
               </InputClaims>
               <OutputClaims>
                  <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
                  <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
                  <!-- NOTE(review): as written this is always "true"; nothing maps the REST response into it.
                       A failed history check surfaces as a validation error on this page instead. -->
                  <OutputClaim ClaimTypeReferenceId="IsPasswordValid" DefaultValue="true" />
               </OutputClaims>
               <ValidationTechnicalProfiles>
                  <ValidationTechnicalProfile ReferenceId="ValidatePasswordHash" />
                  <ValidationTechnicalProfile ReferenceId="AAD-UserWritePasswordUsingObjectId" />
               </ValidationTechnicalProfiles>
            </TechnicalProfile>
         </TechnicalProfiles>
      </ClaimsProvider>
   </ClaimsProviders>
   <UserJourneys>
      <!-- 1) locate the account by email, 2) collect and validate the new password, 3) issue the token. -->
      <UserJourney Id="PasswordResetWithHistoryCheck">
         <OrchestrationSteps>
            <OrchestrationStep Order="1" Type="ClaimsExchange">
               <ClaimsExchanges>
                  <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
               </ClaimsExchanges>
            </OrchestrationStep>
            <OrchestrationStep Order="2" Type="ClaimsExchange">
               <ClaimsExchanges>
                  <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId-ForHistory" />
               </ClaimsExchanges>
            </OrchestrationStep>
            <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
         </OrchestrationSteps>
         <ClientDefinition ReferenceId="DefaultWeb" />
      </UserJourney>
   </UserJourneys>
   <RelyingParty>
      <DefaultUserJourney ReferenceId="PasswordResetWithHistoryCheck" />
      <UserJourneyBehaviors>
         <!-- Server-side journey telemetry to Application Insights. The instrumentation key is tenant-specific
              and has been shared publicly; rotate it, and turn DeveloperMode off outside of debugging. -->
         <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="94701752-973e-4316-afd7-9f2fdb96c028" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
         <!-- Enables JavaScript in the page layouts; only needed if the custom page content relies on it. -->
         <ScriptExecution>Allow</ScriptExecution>
      </UserJourneyBehaviors>
      <TechnicalProfile Id="PolicyProfile">
         <DisplayName>PolicyProfile</DisplayName>
         <Protocol Name="OpenIdConnect" />
         <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="email" />
            <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
            <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true" DefaultValue="{Policy:TenantObjectId}" />
            <OutputClaim ClaimTypeReferenceId="IsPasswordValid" />
         </OutputClaims>
         <SubjectNamingInfo ClaimType="sub" />
      </TechnicalProfile>
   </RelyingParty>
</TrustFrameworkPolicy>
