I have created custom policies with SSO and account migration (you can view them on GitHub here; note: I removed/edited values for security reasons). I want users to be able to sign in with a social provider OR local account for the first time. I will then migrate their account from the legacy identity provider to AAD B2C. The following goes wrong at the moment though.

The biggest problem is when the account is migrated and the user can sign in, then when trying to link social accounts, I get the following error.

AADB2C90051: No suitable claims providers were found.
Correlation ID: 4491cd4a-2f98-4a86-8d65-da3f7f26e890
Timestamp: 2022-11-20 10:38:05Z

The weird thing is, if I first sign in using Google or Facebook (which then migrates the account), then sign in with Microsoft or the local account, it will work. But when first signing in with either Microsoft or a local account, I get the error.

I've seen this and other posts but cannot find what I am missing. I know the policies are very big, so to start, look in CUSTOM_USERJOURNEY.xml for ProvisionOrSignInNewSocialAccount on GitHub.

Tim Chermin

1 Answer

By default, the hasPassword property doesn't exist for existing local B2C user profiles. It is introduced by the linking custom policy. You will need to manually (or by script) add the value true for that property, and it will start working.

You can use the Graph API to add the value, so basically a PATCH to the user endpoint:

PATCH /v1.0/users/12bda93c-f782-431c-b962-52c5304c0668 HTTP/1.1
Host: graph.microsoft.com
Content-Type: application/json
Authorization: Bearer eyJ0...

{    
    "extension_67a963aa6ce74511923b85511f0f8dad_hasPassword" : true
}

See here for full discussion: https://bytemeta.vip/repo/azure-ad-b2c/samples/issues/430

Slightly related to this question, but the scenario is different: AAD-FindLocalAccountWithSocialEmail produces No suitable claims providers were found

Jussi Palo
And for the moderators not understanding the domain and feeling the urge to delete this answer or question as duplicate: the scenario in the question is different, yet the answer is the same. – Jussi Palo Jan 10 '23 at 07:55
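The "by script" route from the answer, as an added example that is not part of the original post or of the azure-ad-b2c samples: it plans the same PATCH for every local account that lacks the property, so the plan can be reviewed before anything is sent. Assumptions: function names are hypothetical, the app id is a placeholder for your tenant's b2c-extensions-app id, the sample users are constructed, and "local account" is taken to mean a user with an `emailAddress` or `userName` identity.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
LOCAL_SIGNIN_TYPES = {"emailAddress", "userName"}  # assumed markers of a local account


def extension_attr(b2c_extensions_app_id: str, name: str = "hasPassword") -> str:
    """extension_<appId without hyphens>_<name>, the shape used in the answer's body."""
    return f"extension_{b2c_extensions_app_id.replace('-', '')}_{name}"


def needs_backfill(user: dict, attr: str) -> bool:
    """True for a user with a local sign-in identity whose attribute is unset."""
    is_local = any(i.get("signInType") in LOCAL_SIGNIN_TYPES
                   for i in user.get("identities", []))
    return is_local and user.get(attr) is None  # an explicit False is left alone


def plan_patches(users: list, attr: str) -> list:
    """Build (url, body) pairs only; nothing is sent here."""
    return [(f"{GRAPH}/users/{u['id']}", {attr: True})
            for u in users if needs_backfill(u, attr)]


def apply_patches(plan: list, token: str) -> int:
    """Send each PATCH; Graph answers 204 No Content on success, HTTPError otherwise."""
    done = 0
    for url, body in plan:
        req = urllib.request.Request(
            url, data=json.dumps(body).encode(), method="PATCH",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            done += resp.status == 204
    return done


# Constructed sample shaped like GET /users?$select=id,identities,<attr> results.
ATTR = extension_attr("00000000-0000-0000-0000-000000000000")  # placeholder app id
SAMPLE_USERS = [
    {"id": "user-local-unset", "identities": [{"signInType": "emailAddress"}]},
    {"id": "user-local-set", "identities": [{"signInType": "userName"}], ATTR: True},
    {"id": "user-social-only", "identities": [{"signInType": "federated"}]},
]

if __name__ == "__main__":
    for url, body in plan_patches(SAMPLE_USERS, ATTR):
        print("PATCH", url, json.dumps(body))
```

Only the first sample user is planned: the second already has the property and the third has no local identity, so social-only profiles are not marked as having a password.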