How to troubleshoot validation errors in Azure Active Directory B2C custom attributes

Azure AD B2C Custom Policy is failing validation and there is no reference to what is causing the validation error.

I already had custom policies defined for my application to start with, and everything worked fine prior to my adding a simple companyName string to the signup process. I followed the steps detailed in this guide to add a field to collect at signup. I ran into issues uploading the signup_signin custom policy after successfully uploading the TrustFrameworkBase policy. It was telling me that:

Validation failed: 1 validation error(s) found in policy "B2C_1A_SIGNUP_SIGNIN" of tenant "xxxxx".Output Claim 'companyName' is not supported in Azure Active Directory Provider technical profile 'AAD-UserReadUsingObjectId' of policy 'B2C_1A_signup_signin'. If it is a claim with default value, add AlwaysUseDefaultValue="true" to the output claim mapping.

So I did as suggested and added the AlwaysUseDefaultValue="true" and DefaultValue="" attributes to the OutputClaim in the 'AAD-UserReadUsingObjectId' technical profile. This allowed me to upload the policy file successfully.

However, when I test the signup_signin policy, I get a message stating

Unable to validate the information provided.

I have Application Insights set up for this tenant as well and see the equally vague error message:

Error returned was 400/Request_BadRequest: One or more property values specified are invalid.

I added the claim type to the claims schema in FrameworkBase:

<ClaimType Id="companyName">
  <DisplayName>Company</DisplayName>
  <DataType>string</DataType>
  <UserHelpText>Your company</UserHelpText>
  <UserInputType>TextBox</UserInputType>
</ClaimType>

I added the PersistedClaim to TechnicalProfile 'AAD-UserWriteUsingLogonEmail':

<PersistedClaim ClaimTypeReferenceId="companyName" />

I added the OutputClaim to TechnicalProfile 'AAD-UserReadUsingEmailAddress':

<OutputClaim ClaimTypeReferenceId="companyName" />

and to 'AAD-UserReadUsingObjectId':

<OutputClaim ClaimTypeReferenceId="companyName" AlwaysUseDefaultValue="true" DefaultValue="" />

I added the OutputClaim to signup_signin.xml as well:

<OutputClaim ClaimTypeReferenceId="companyName" />

I expect that the user is successfully signed up, but I get the validation error above instead.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
