Azure AD B2C with custom policies: Unable to authenticate user with temporary password -


i have configured azure ad b2c custom policies unable authenticate new user created in azure portal. user has temporary password. azure ad b2c returns error text invalid username or password, though username , password correct.

i have confirmed possible login new user , temporary password in azure ad b2c using non custom policies. after logging in, user gets prompted change password.

the problem can reproduced using custom policies described in guide: get started custom policies.

additional information:

i have configured b2crecorder https://b2crecorder.azurewebsites.net/stream?id=<guid> in userjourneyrecorderendpoint. gives access more information through https://b2crecorder.azurewebsites.net/trace_102.html?id=<guid>

the problem result in following logging:

selfassertedmessagevalidationhandler  message received null  validation via selfassertedattributeprovider  additional validation required...  operativetechnicalprofile login-noninteractive  mapping 'username' partner claim type 'signinname' policy claim type  mapping default value 'undefined' policy 'grant_type'  mapping default value 'undefined' policy 'scope'  mapping default value 'undefined' policy 'nca'  mapping default value 'undefined' policy 'client_id'  mapping default value 'undefined' policy 'resource_id'  using validation endpoint at: https://login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/token  orchestration step: 1  ra: 0  protocol selected caller: oauth2  communications caller handled by: oauth2protocolprovider  ic: true  oauth2 message: msg(d56987e9-be2e-46fc-a7a4-23e317f8f174) message detail  validationrequest:  validationresponse:  exception:  exception of type 'web.tpengine.providers.badargumentretryneededexception' thrown.

the common reason on "proxyidentityexperienceframework application" after selecting checkbox access identityexperienceframework, clicking on select , hitting done, must complete next step:

select grant permissions, , confirm selecting yes.

edit:

sorry after reading situation carefully, both "sign-up or sign-in policy" or "custom policy" not support azure active directory forcechangepasswordnextlogin flag. (forcechangepasswordnextlogin work "sign-up policy") there feature request tracking here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16861051-aadb2c-force-password-reset


Comments

Post a Comment

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

i've set bento/ubuntu-16.04 vagrant box using php 5.6, , getting following error quite few times when try , run shell script: "uncaught reflection exception: class domdocument not exist". i've tried adding following top of script (not together), each no success: "sudo apt-get install php5.6-xml", "sudo apt-get install php5-xml", "sudo apt-get install php-dom" i've tried resetting server "sudo service apache2 restart". does have suggestions?
Read more

vue.js - Create hooks for automated testing -

Image
qa guys complained can't automate frontend testing. because our html looks same outside. lazy hack did this <template> <div :role="$options.name"> ... </div> </template> <script> export default { name: 'vmcomponentname' } </script> which takes name script , applies html. in browser get: <div role="vmcomponentname"> ... </div> line :role="$options.name" goes in every component. is there dry er solutions? please share. additional details i'll explain in details looking for. imagine have vmusercreate form creates user. test case can create user . to automatically test without role, have use following selector: .wrapper > .wrapper > .wrapper > .submit-button the test extremely brittle (will break lot). if use roles can use [role="vmusercreateform"] .submit-button selector. many folds less brittle. so basically, i'm
Read more

.htaccess - ERR_TOO_MANY_REDIRECTS htaccess -

could can explain me .htaccess code doing? rewriterule ([0-9]+)/([^t]{1}[a-za-z0-9_-]{0,})\.([^s]{1}[a-za-z0-9]+)$ ../items/go.php?u=$1/$2.$3 i have folder : mywebsite.com/download/folder1/ .htaccess file in uplevel mywebsite.com/download/ folder contains code above. when access file directly path mywebsite.com/download/folder1/file.mp4 returns error : mywebsite.com redirected many times. try clearing cookies. err_too_many_redirects i tried clear browser cookies issue persist. issue solved when commented out htaccess line above. this rule appears looking specific pattern consisting of: <numbers>/<alphanumeric string not starting t , other conditions applied>.<alphanumeric string not starting s> then redirecting user's browser go.php parsed filename passed file arguments. err_too_many_redirects due infinite redirect loop. without knowing other rewriterule statements present difficult narrow down exact cause. can narrow down
Read more