Azure AD B2C with custom policies: Unable to authenticate user with temporary password


I have configured Azure AD B2C with custom policies and am unable to authenticate a new user created in the Azure portal. The user has a temporary password. Azure AD B2C returns the error text "Invalid username or password", though the username and password are correct.

I have confirmed that it is possible to log in with the new user and the temporary password in Azure AD B2C using non-custom policies. After logging in, the user gets prompted to change the password.

The problem can be reproduced using the custom policies described in the guide: Get started with custom policies.

Additional information:

I have configured b2crecorder https://b2crecorder.azurewebsites.net/stream?id=<guid> in UserJourneyRecorderEndpoint. This gives access to more information through https://b2crecorder.azurewebsites.net/trace_102.html?id=<guid>

The problem results in the following logging:

selfassertedmessagevalidationhandler
message received null
validation via selfassertedattributeprovider
additional validation required...
operativetechnicalprofile login-noninteractive
mapping 'username' partner claim type 'signinname' policy claim type
mapping default value 'undefined' policy 'grant_type'
mapping default value 'undefined' policy 'scope'
mapping default value 'undefined' policy 'nca'
mapping default value 'undefined' policy 'client_id'
mapping default value 'undefined' policy 'resource_id'
using validation endpoint at: https://login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/token
orchestration step: 1
ra: 0
protocol selected caller: oauth2
communications caller handled by: oauth2protocolprovider
ic: true
oauth2 message: msg(d56987e9-be2e-46fc-a7a4-23e317f8f174) message detail
validationrequest:
validationresponse:
exception:
exception of type 'web.tpengine.providers.badargumentretryneededexception' thrown.

The common reason is that on the "ProxyIdentityExperienceFramework application", after selecting the checkbox Access IdentityExperienceFramework, clicking on Select, and hitting Done, you must complete the next step:

Select Grant Permissions, and then confirm by selecting Yes.

Edit:

Sorry, after reading your situation carefully: both "sign-up or sign-in policy" and "custom policy" do not support the Azure Active Directory forceChangePasswordNextLogin flag. (forceChangePasswordNextLogin works with "sign-up policy".) There is a feature request tracking this here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16861051-aadb2c-force-password-reset

