Azure-Samples / active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
http://aka.ms/aadb2ccustom
MIT License

PS> Import-Module .\ExploreAdmin.dll getting error #21

Open kamranbashir opened 6 years ago

kamranbashir commented 6 years ago

Adding the cryptographic key for the “generic” IdP as claims provider

To add the cryptographic key needed by the “generic” IdP as claims provider, proceed with the following steps:

Open a Windows PowerShell command prompt. Change directory to the ExploreAdmin folder in the Starter-Pack folder. The Starter-Pack folder corresponds to the path C:\Code\AAD-B2C\B2CDemoTools-master in our configuration.

PS> cd C:\Code\AAD-B2C\B2CDemoTools-master\ExploreAdmin

Generate the cryptographic key in your B2C tenant by running the following commands:

PS> Import-Module .\ExploreAdmin.dll

PS> Set-CpimKeyContainer -Tenant contoso369b2c.onmicrosoft.com -StorageReferenceId B2CAuthClientSecret -UnencodedAsciiKey abcdef

------- my steps ------------

  1. Open PowerShell as administrator.
  2. I have a folder on my PC at C:\Code\ExploreAdmin.
  3. PS> cd C:\Code\
     PS C:\Code> Import-Module .\ExploreAdmin.dll
     Import-Module : The specified module '.\ExploreAdmin.dll' was not loaded because no valid module file was found in any module directory.
     At line:1 char:2
     + Import-Module .\ExploreAdmin.dll
         + CategoryInfo          : ResourceUnavailable: (.\ExploreAdmin.dll:String) [Import-Module], FileNotFoundException
         + FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

I have one more question: why do I need to create a key as mentioned above, when we have the option in the Azure portal to create a key? I assume the key will be used in TrustFrameworkExtensions.xml.

Stack Overflow reference: https://stackoverflow.com/questions/49324501/how-to-use-identityserver3-or-4-in-azure-b2c-as-custom-policy

Does anyone have an idea why I am getting this error?

rojasja commented 6 years ago

Hello.

All key generation is now possible directly in the Azure Portal. Inside your B2C tenant, select Identity Experience Framework (an Azure Subscription is required), then select Key Management.

rojasja commented 6 years ago

ExploreAdmin.dll is deprecated.

kamranbashir commented 6 years ago

Yes, I got it working before your reply. Many thanks for your reply.

kamranbashir commented 6 years ago

In the Azure B2C custom policy file TrustFrameworkExtensions.xml, in which section can I pass a query string variable? For example, for IdentityServer 4: http://docs.identityserver.io/en/release/endpoints/token.html?highlight=acr_values

I want to pass acr_values, which allows passing in additional authentication-related information for the password grant type. IdentityServer special-cases the following proprietary acr_values:

idp:name_of_idp bypasses the login/home realm screen and forwards the user directly to the selected identity provider (if allowed per client configuration)

tenant:name_of_tenant can be used to pass a tenant name to the token endpoint

refresh_token

thanks

chrispadgettlivecom commented 6 years ago

Hi @kamranbashir

Do you want to set acr_values for the authorization endpoint or the token endpoint?

It can be set for the authorization endpoint by appending to the authorization_endpoint item of the IdentityServer technical profile as follows:

<Metadata>
    <Item Key="authorization_endpoint">https://identityserver/connect/authorize?acr_values=idp%3Aname_of_idp</Item>
</Metadata>
kamranbashir commented 6 years ago

Good news, it worked. 👍 Many thanks for the help.

Now I need to know how to configure the rest!!

2018-03-18T12:58:53 PID[18564] Information 2018-03-18 12:58:53.153 +00:00 [Information] identity provider requested, redirecting to: "microsoft"
2018-03-18T12:58:53 PID[18564] Information 2018-03-18 12:58:53.169 +00:00 [Information] External login requested for provider: "microsoft"
2018-03-18T12:58:53 PID[18564] Error 2018-03-18 12:58:53.169 +00:00 [Error] External login error: provider requested microsoft is not a configured external provider
2018-03-18T12:58:53 PID[18564] Information 2018-03-18 12:58:53.184 +00:00 [Information] { "Category": "Endpoints", "Name": "Endpoint failure", "EventType": "Failure", "Id": 3001, "Message": "External login error: provider requested microsoft is not a configured external provider", "Details": { "EndpointName": "authenticate" }, "Context": { "ActivityId": "eb3348ed-3e2a-4b15-b39f-9bedc887aa3a", "TimeStamp": "2018-03-18T12:58:53.1846154+00:00", "ProcessId": 18564, "MachineName": "RD00155D974697", "RemoteIpAddress": "213.105.186.4" } }

chrispadgettlivecom commented 6 years ago

Excellent, @kamranbashir, can you please post the above question with the azure-ad-b2c tag to Stack Overflow so it can be answered and then discovered by others?

kamranbashir commented 6 years ago

I have updated stack overflow.

From IdentityServer:

2018-03-18T21:14:45 PID[18300] Information 2018-03-18 21:14:45.699 +00:00 [Information] Start key discovery request
2018-03-18T21:14:46 PID[18300] Information 2018-03-18 21:14:46.121 +00:00 [Information] Start authorize request
2018-03-18T21:14:46 PID[18300] Information 2018-03-18 21:14:46.137 +00:00 [Information] Start authorize request protocol validation
2018-03-18T21:14:46 PID[18300] Error 2018-03-18 21:14:46.184 +00:00 [Error] "Invalid flow for client: AuthorizationCode" "{ \"ClientId\": \"renukey\", \"RedirectUri\": \"https://login.microsoftonline.com/te/kamtenant.onmicrosoft.com/oauth2/authresp\", \"AllowedRedirectUris\": [ \"https://login.microsoftonline.com/te/kamtenant.onmicrosoft.com/oauth2/authresp\" ], \"SubjectId\": \"unknown\", \"ResponseType\": \"code\", \"ResponseMode\": \"form_post\", \"Flow\": \"AuthorizationCode\",

So far, the Azure B2C policy is by default sending flow = AuthorizationCode to IdentityServer 3/4.

How can we send flow = client_credentials from the TrustFrameworkExtensions.xml policy file?

The following in TrustFrameworkExtensions.xml does not work:

<InputClaims>
    <InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" />
</InputClaims>
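
As an added example (not code from the repository or from the posters), this is what a complete OpenIdConnect technical profile for IdentityServer looks like in TrustFrameworkExtensions.xml once the acr_values query string from the earlier reply and a portal-managed client secret key are both in place. The host name identityserver, the technical profile Id and the policy key name B2C_1A_IdentityServerClientSecret are placeholders; client_id renukey, response type code and response mode form_post are the values visible in the IdentityServer log above.

```xml
<ClaimsProvider>
  <Domain>identityserver</Domain>
  <DisplayName>IdentityServer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="IdentityServer-OpenIdConnect">
      <DisplayName>IdentityServer</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Discovery document: token endpoint, signing keys and issuer are read from here -->
        <Item Key="METADATA">https://identityserver/.well-known/openid-configuration</Item>
        <!-- An explicit authorize URL overrides the discovered one, so the extra
             acr_values=idp:name_of_idp query string (URL-encoded) reaches IdentityServer -->
        <Item Key="authorization_endpoint">https://identityserver/connect/authorize?acr_values=idp%3Aname_of_idp</Item>
        <!-- ClientId, ResponseType and ResponseMode exactly as seen in the IdentityServer log -->
        <Item Key="client_id">renukey</Item>
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="HttpBinding">POST</Item>
        <!-- false: the redirect URI is .../oauth2/authresp without the policy name,
             which is the AllowedRedirectUris entry registered at IdentityServer in the log -->
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- The secret itself is never written into the policy file; it is referenced by
             the name of a key created in the Identity Experience Framework key blade (placeholder name) -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_IdentityServerClientSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="identityserver" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <!-- Standard starter-pack transformations that turn the external sub into a local account key -->
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Because this profile performs an interactive user sign-in, response_types can only be code, id_token or code id_token, so the "Invalid flow for client: AuthorizationCode" error in the log is cleared on the IdentityServer side by adding the authorization code grant to the allowed grant types of client renukey. A grant_type input claim cannot switch the profile to client_credentials, which is a machine-to-machine grant with no signed-in user.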

chrispadgettlivecom commented 6 years ago

Hi @kamranbashir

Can you please create a new issue for this or, better, create a Stack Overflow post for it?