5
votes

I'm trying to make App Insights work so I can debug my policies, using this:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-troubleshoot-custom

And based on this project: https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/LocalAccounts

Made the proper modifications:

<TrustFrameworkPolicy
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0"
    TenantId="B2CPruebaProteccion.onmicrosoft.com"
    PolicyId="B2C_1A_PasswordReset"
    PublicPolicyUri="http://B2CPruebaProteccion.onmicrosoft.com/B2C_1A_PasswordReset"
    UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">

    <BasePolicy>
        <TenantId>B2CPruebaProteccion.onmicrosoft.com</TenantId>
        <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
    </BasePolicy>

    <RelyingParty>
        <DefaultUserJourney ReferenceId="PasswordReset" />
        <UserJourneyBehaviors>
            <JourneyInsights TelemetryEngine="ApplicationInsights" InstrumentationKey="00000000-0000-0000-0000-000000000000" DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />
        </UserJourneyBehaviors>
        <TechnicalProfile Id="PolicyProfile">
        ...
</TrustFrameworkPolicy>

My data is not showing up in App Insights. How can I validate/repair this error?

2
What error do you mean? - Binarus
It is not writing anything in App Insights - ChrisHUM ChrisHum

2 Answers

2
votes

You must also add the DeploymentMode="Development" attribute to the TrustFrameworkPolicy element.

For example:

<TrustFrameworkPolicy
  PolicySchemaVersion="0.3.0.0"
  TenantId="contoso.onmicrosoft.com"
  PolicyId="B2C_1A_sign_up_sign_in"
  PublicPolicyUri="http://contoso.onmicrosoft.com"
  DeploymentMode="Development"
  UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    ...
</TrustFrameworkPolicy>

-1
votes

Don't use App Insights with custom policies unless you're happy for user data to be pushed to App Insights.

The journey recorder endpoint, urn:journeyrecorder:applicationinsights, scrapes everything and chucks it to App Insights; all usernames and passwords exist in App Insights in clear text.

The best bet is to create a function app that accepts any form body, pass it any claims that you want to send from B2C, and then call it with the RESTful provider in a technical provider.

This way you can stop sensitive data going to App Insights.

They are also very clear not to use the journey recorder on production envs as it slows production down.
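
Added example, not part of either answer and not Microsoft tooling: a Python check that reads a relying-party policy file and reports which journey-recorder settings it carries, so the same script can explain why no telemetry arrives and block a debug-enabled policy from a production upload. It assumes, following the first answer, that the recorder endpoint, DeploymentMode="Development" and a JourneyInsights element must all be present for data to flow; the function names and sample policies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/online/cpim/schemas/2013/06}"
RECORDER = "urn:journeyrecorder:applicationinsights"


def audit_policy(xml_text):
    """Return (logging_active, findings) for one relying-party policy file."""
    root = ET.fromstring(xml_text)
    if root.tag != NS + "TrustFrameworkPolicy":
        raise ValueError("root element is not TrustFrameworkPolicy")
    recorder = root.get("UserJourneyRecorderEndpoint") == RECORDER
    development = root.get("DeploymentMode") == "Development"
    insights = root.find(f"{NS}RelyingParty/{NS}UserJourneyBehaviors/{NS}JourneyInsights")
    findings = []
    if recorder:
        findings.append("UserJourneyRecorderEndpoint targets Application Insights")
    if development:
        findings.append('DeploymentMode="Development"')
    if insights is not None:
        findings.append("JourneyInsights DeveloperMode=" + insights.get("DeveloperMode", "unset"))
    # Assumption taken from the first answer: telemetry flows only when the
    # recorder endpoint, DeploymentMode and JourneyInsights are all present.
    logging_active = recorder and development and insights is not None
    if findings and not logging_active:
        findings.append("partly configured: no telemetry expected")
    return logging_active, findings


def safe_for_production(xml_text):
    """True when the file carries none of the journey-recorder settings."""
    return not audit_policy(xml_text)[1]


# Constructed sample policies; contoso and the all-zero key are placeholders.
_DOC = ('<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" '
        'PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com" '
        'PolicyId="B2C_1A_PasswordReset" %s><RelyingParty>'
        '<DefaultUserJourney ReferenceId="PasswordReset" />%s</RelyingParty></TrustFrameworkPolicy>')
_INSIGHTS = ('<UserJourneyBehaviors><JourneyInsights TelemetryEngine="ApplicationInsights" '
             'InstrumentationKey="00000000-0000-0000-0000-000000000000" DeveloperMode="true" '
             'ClientEnabled="false" ServerEnabled="true" TelemetryVersion="1.0.0" />'
             '</UserJourneyBehaviors>')
AS_ASKED = _DOC % ('UserJourneyRecorderEndpoint="%s"' % RECORDER, _INSIGHTS)
AS_ANSWERED = _DOC % ('DeploymentMode="Development" UserJourneyRecorderEndpoint="%s"' % RECORDER, _INSIGHTS)
PRODUCTION = _DOC % ("", "")

if __name__ == "__main__":
    for name, doc in (("as asked", AS_ASKED), ("as answered", AS_ANSWERED), ("production", PRODUCTION)):
        print(name, audit_policy(doc))
```

Running `safe_for_production` over every policy file in a release pipeline keeps a development-mode policy, and the user data it would record, out of the production tenant.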