Azure AD B2C with custom policies: Unable to authenticate user with temporary password
I have configured Azure AD B2C custom policies and am unable to authenticate a new user created in the Azure portal. The user has a temporary password. Azure AD B2C returns the error text "invalid username or password", though the username and password are correct.
I have confirmed that it is possible to log in as the new user with the temporary password in Azure AD B2C using non-custom policies. After logging in, the user gets prompted to change the password.
The problem can be reproduced using the custom policies described in the guide: Get started with custom policies.
Additional information:
I have configured B2CRecorder (https://b2crecorder.azurewebsites.net/stream?id=<guid>)
in UserJourneyRecorderEndpoint. This gives access to more information through https://b2crecorder.azurewebsites.net/trace_102.html?id=<guid>
The problem results in the following logging:
SelfAssertedMessageValidationHandler: message received, null validation via SelfAssertedAttributeProvider, additional validation required...
OperativeTechnicalProfile: login-NonInteractive
    mapping 'username' partner claim type to 'signInName' policy claim type
    mapping default value 'undefined' to policy 'grant_type'
    mapping default value 'undefined' to policy 'scope'
    mapping default value 'undefined' to policy 'nca'
    mapping default value 'undefined' to policy 'client_id'
    mapping default value 'undefined' to policy 'resource_id'
    using validation endpoint at: https://login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/token
Orchestration step: 1, RA: 0
Protocol selected. Caller: OAuth2, communications caller handled by: OAuth2ProtocolProvider, IC: true
OAuth2 message: MSG(d56987e9-be2e-46fc-a7a4-23e317f8f174)
Message detail
    ValidationRequest:
    ValidationResponse:
    Exception: Exception of type 'Web.TPEngine.Providers.BadArgumentRetryNeededException' was thrown.
The common reason: on the "ProxyIdentityExperienceFramework" application, after selecting the checkbox "Access IdentityExperienceFramework", clicking on Select and hitting Done, you must complete the next step:
Select Grant Permissions, and confirm by selecting Yes.
Edit:
Sorry, after reading the situation carefully: both the "sign-up or sign-in policy" and the "custom policy" do not support the Azure Active Directory forceChangePasswordNextLogin flag. (forceChangePasswordNextLogin works with the "sign-up policy".) There is a feature request tracking this here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16861051-aadb2c-force-password-reset
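The log in the question shows the login-NonInteractive technical profile failing at the Azure AD token endpoint, and B2C reports any failure there only as "invalid username or password". Sending the same resource-owner-password request by hand shows the underlying AADSTS error code, which is what tells you whether the credentials were rejected, the password must be changed, or the app registrations are wrong. The script below is an added example (not code from the question, the answer, or Microsoft). It assumes the parameter names the log lists for the starter-pack profile (grant_type, scope, nca, client_id, resource_id, with resource_id sent as the partner claim `resource`) and the two app registrations the answer names; the function names `build_ropc_request`, `classify_token_response` and `probe` are the author's, and the sample response bodies are constructed, not captured from a tenant.

```python
"""Replay the B2C login-NonInteractive validation call and read the raw
AADSTS error.  Added example; not code from the question, the answer, or
Microsoft."""
import json
import urllib.error
import urllib.parse
import urllib.request

# AADSTS50126 is Azure AD's own "invalid username or password" code.
AADSTS_INVALID_CREDENTIALS = 50126


def build_ropc_request(tenant, username, password, proxy_ief_app_id, ief_app_id):
    """Build the request the technical profile sends to the validation endpoint.

    Form fields follow the InputClaims the log lists for login-NonInteractive
    (assumption: starter-pack defaults grant_type=password, scope=openid,
    nca=1).  client_id is the ProxyIdentityExperienceFramework app id and
    resource is the IdentityExperienceFramework app id, the two registrations
    the answer refers to.
    """
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": "openid",
        "nca": "1",
        "client_id": proxy_ief_app_id,
        "resource": ief_app_id,
    }
    return url, urllib.parse.urlencode(form).encode("ascii")


def classify_token_response(body_text):
    """Reduce a token endpoint response body to a small diagnosis dict."""
    data = json.loads(body_text)
    if "access_token" in data or "id_token" in data:
        return {"outcome": "token-issued", "codes": [], "message": ""}
    codes = [int(c) for c in data.get("error_codes", [])]
    # The first line of error_description is the readable message; the
    # trace id, correlation id and timestamp follow on separate lines.
    description = data.get("error_description", "")
    message = description.splitlines()[0] if description else ""
    if AADSTS_INVALID_CREDENTIALS in codes:
        outcome = "invalid-credentials"
    else:
        # Anything else (expired/temporary password, app permission problems,
        # bad client_id or resource) surfaces here with its AADSTS code.
        outcome = "other-aadsts-error"
    return {"outcome": outcome, "error": data.get("error"),
            "codes": codes, "message": message}


def probe(tenant, username, password, proxy_ief_app_id, ief_app_id):
    """Send the request and classify the reply (needs network access)."""
    url, body = build_ropc_request(tenant, username, password,
                                   proxy_ief_app_id, ief_app_id)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return classify_token_response(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        # Azure AD answers a failed grant with 400/401 and a JSON error body.
        return classify_token_response(err.read().decode("utf-8"))


# Constructed sample bodies (not captured from a real tenant) so the
# classifier can be exercised offline.
SAMPLE_INVALID_CREDENTIALS = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to "
                         "invalid username or password.\r\nTrace ID: "
                         "00000000-0000-0000-0000-000000000000\r\n"
                         "Timestamp: 2018-01-01 00:00:00Z",
    "error_codes": [50126],
})
SAMPLE_OTHER_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS50055: The password is expired.\r\n"
                         "Trace ID: 00000000-0000-0000-0000-000000000000",
    "error_codes": [50055],
})
SAMPLE_TOKEN = json.dumps({"token_type": "Bearer",
                           "access_token": "constructed-access-token",
                           "id_token": "constructed-id-token"})

if __name__ == "__main__":
    for sample in (SAMPLE_INVALID_CREDENTIALS, SAMPLE_OTHER_ERROR, SAMPLE_TOKEN):
        print(classify_token_response(sample))
```

Run `probe()` with the tenant name from the log, the affected user, the temporary password and the two app ids; the returned `codes` and `message` are the AADSTS values B2C hides behind its generic message, and any code other than 50126 is worth looking up before blaming the credentials.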