0
votes

I'm trying to add custom attributes to a custom policy. However, it generates this error: 'Unable to validate the information provided.'

I followed the documentation at the links below, and I have already added the b2c-extensions-app application ID and object too.

https://docs.microsoft.com/pt-br/azure/active-directory-b2c/custom-policy-custom-attributes

https://docs.microsoft.com/pt-br/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy

Error log message: "Error returned was 400/Request_BadRequest: The following extension properties are not available: extension_f41be....._tipoUsuario."

Part of the code in my TrustFrameworkExtensions file, where it writes and retrieves the information in AD:

<ClaimsProvider>
  <DisplayName>Azure Active Directory</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-Common">
      <Metadata>
        <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
        <Item Key="5bfd........"></Item>
        <!--Insert b2c-extensions-app application ObjectId here, for example: 22222222-2222-2222-2222-222222222222-->
        <Item Key="18bd6......."></Item>
      </Metadata>
    </TechnicalProfile>
    <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
      <Metadata>
        <Item Key="client_id">f41be......</Item>
        <!--Insert b2c-extensions-app application ID here, for example: 11111111-1111-1111-1111-111111111111-->
       
      </Metadata>
      <PersistedClaims>
        <PersistedClaim ClaimTypeReferenceId="extension_tipoUsuario"/>
      </PersistedClaims>
    </TechnicalProfile>
    <!-- Write data during edit profile flow. -->
    <TechnicalProfile Id="AAD-UserWriteProfileUsingObjectId">
     
      <PersistedClaims>
        <PersistedClaim ClaimTypeReferenceId="extension_tipoUsuario"/>
      </PersistedClaims>
    </TechnicalProfile>
    <!-- Read data after user authenticates with a local account. -->
    <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
      
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="extension_tipoUsuario" />
      </OutputClaims>
    </TechnicalProfile>
    <!-- Read data after user authenticates with a federated account. -->
    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
     
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="extension_tipoUsuario" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
1
Did you set up Application Insights for troubleshooting? It would be great if you could share the relevant log :) If not, you can follow this to set one up. - ray
Can you please confirm the metadata URL you are using in the custom policy? - Raghavendra beldona
@Ray I didn't set up the app's insights, do you have this feature? - Victor Moreira
@Raghavendra-MSFTIdentity What metadata are you referring to? I added TechnicalProfile Id = "AAD-Common" to the b2c-extensions-app and object metadata ID. I am following the documents at docs.microsoft.com/en-us/azure/active-directory-b2c/… It says to insert some more TechnicalProfile elements, in which the same metadata is also added. - Victor Moreira
I was referring to <Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item> <Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item> - Raghavendra beldona

1 Answer

0
votes

One of the common root causes of this problem is a misconfiguration of the client ID metadata of the B2C Extension App.

Make sure the tutorial here is followed.
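
One way to check a policy file for the client ID metadata misconfiguration the answer describes, as an added example that is not part of the original post or of Microsoft's tooling. It assumes the `ClientId` and `ApplicationObjectId` item keys that the Microsoft custom-attribute documentation uses in `AAD-Common`; the function names and sample GUIDs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
REQUIRED = ("ClientId", "ApplicationObjectId")  # Item keys of AAD-Common in the Microsoft docs

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace, if the policy declares one

def expected_property(client_id, attribute):
    """Directory name of an extension attribute: extension_<appId without hyphens>_<name>."""
    return f"extension_{client_id.replace('-', '')}_{attribute}"

def lint_extension_metadata(policy_xml):
    """Return findings about b2c-extensions-app metadata in a policy fragment."""
    root = ET.fromstring(policy_xml)
    meta = {}
    for tp in (e for e in root.iter() if local(e.tag) == "TechnicalProfile"):
        meta[tp.get("Id")] = {i.get("Key"): (i.text or "").strip()
                              for i in tp.iter() if local(i.tag) == "Item"}
    common = meta.get("AAD-Common")
    if common is None:
        return ["AAD-Common technical profile not found"]
    findings = []
    for key in REQUIRED:
        if key not in common:
            findings.append(f"AAD-Common: no Item with Key={key}")
        elif not GUID.match(common[key]):
            findings.append(f"AAD-Common: {key} is not a GUID")
    if any(GUID.match(k or "") for k in common):
        findings.append("AAD-Common: GUID used as Item Key instead of element text")
    # Assumption: every AAD profile should point at the same extensions app as AAD-Common.
    for pid, items in meta.items():
        for key, value in items.items():
            if (key or "").lower() in ("clientid", "client_id") and value != common.get("ClientId"):
                findings.append(f"{pid}: {key} differs from AAD-Common ClientId")
    return findings

# Constructed samples; the GUIDs are placeholders, not values from the question.
APP, OBJ = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
BROKEN = f"""<TechnicalProfiles>
  <TechnicalProfile Id="AAD-Common"><Metadata>
    <Item Key="{APP}"></Item><Item Key="{OBJ}"></Item></Metadata></TechnicalProfile>
  <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail"><Metadata>
    <Item Key="client_id">33333333-3333-3333-3333-333333333333</Item></Metadata></TechnicalProfile>
</TechnicalProfiles>"""
FIXED = f"""<TechnicalProfiles><TechnicalProfile Id="AAD-Common"><Metadata>
  <Item Key="ClientId">{APP}</Item><Item Key="ApplicationObjectId">{OBJ}</Item>
</Metadata></TechnicalProfile></TechnicalProfiles>"""
if __name__ == "__main__":
    print(*lint_extension_metadata(BROKEN), sep="\n")
```

Comparing `expected_property(<ClientId>, "tipoUsuario")` with the property name in the 400 error shows which application ID the policy actually resolved.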