MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Error: User journey must be preceded by a claims provider selection #6866

Closed afroz0429 closed 6 years ago

afroz0429 commented 6 years ago

I started from scratch

First orchestration step is

<OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
            <ClaimsExchange Id="JourneyContextForInsights" TechnicalProfileReferenceId="JourneyContextForInsights" />
        </ClaimsExchanges>
    </OrchestrationStep>
    <!-- remaining orchestration steps not shown -->
</OrchestrationSteps>

Tried moving ClaimsSchema and ClaimsProviders to the TrustFrameworkBase.xml but still get the same error.



femsulu commented 6 years ago

@afroz0429 Thanks for the feedback. We are actively investigating and will get back to you soon.

chrift commented 6 years ago

Hi @femsulu, did you manage to get anywhere with this?

I'm getting this error also, using the following orchestration steps:

<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"
                   ContentDefinitionReferenceId="api.signuporsignin">
    <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange"/>
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange"/>
    </ClaimsProviderSelections>
    <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange"
                        TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email"/>
    </ClaimsExchanges>
</OrchestrationStep>

<!-- Check if the user has selected to sign in using one of the social providers -->
<OrchestrationStep Order="2" Type="ClaimsExchange">
    <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
            <Value>objectId</Value>
            <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
    </Preconditions>
    <ClaimsExchanges>
        <ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH"/>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange"
                        TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail"/>
    </ClaimsExchanges>
</OrchestrationStep>

<OrchestrationStep Order="3" Type="ClaimsExchange">
    <ClaimsExchanges>
        <ClaimsExchange Id="GetFavouriteColour" TechnicalProfileReferenceId="SATP-GetFavouriteColour"/>
    </ClaimsExchanges>
</OrchestrationStep>

FarhanaJabbar commented 6 years ago

Any update on this issue? I am getting a similar issue.

davidmu1 commented 6 years ago

in-progress

ltouro commented 6 years ago

Had the same problem while trying to follow this doc and change the E-mail based login for Username based login based on this SO post.

Solved the problem by removing the UserJourney SignUpOrSignIn from TrustFrameworkBase.xml and keeping it only in TrustFrameworkExtensions.xml

chadc commented 6 years ago

ltouro, did you actually get this to work? I've followed the referenced SO post but I still cannot upload TrustFrameworkExtensions.xml. I receive an error that the claims exchange LocalAccountSigninEmailExchange is not found.

ltouro commented 6 years ago

@chadc Hey chadc. Had some trouble the other day, but gave it a fresh start today and it worked. My strategy was to make very simple and small changes before each upload/test cycle. First, I made it work with Email based Signup (the default SocialAndLocalAccounts Starter pack available here) for a new B2C Tenant.

I don't have any reference to LocalAccountSigninEmailExchange in my Extensions.xml, as I'm using only LocalAccountSigninUsernameExchange.

FYI, my Base.xml file does not declare LocalAccountSigninUsernameExchange as a Technical Profile, which makes me think that this is a default resource available to all policies.

chadc commented 6 years ago

@ltouro thanks for the response. I've had the same approach -- making minor modifications -- and I've finally got a successful upload of base/extensions/signonorsignin policies. The problem is that I still cannot authenticate a local user in my B2C directory (I get an "invalid username or password" error). I can create a sign-in policy through the Portal that works just fine, but I can't seem to get a custom policy to work successfully. I really wish Microsoft would post a reference example.

WhippsP commented 6 years ago

@chadc I have seen this before in training sessions I have run, and it normally points back to not setting the IdentityExperienceFramework / ProxyIdentityExperienceFramework within the Extension Policy correctly. Please review the following step in the documentation https://docs.microsoft.com/en-gb/azure/active-directory-b2c/active-directory-b2c-get-started-custom#add-the-application-ids-to-your-custom-policy

chadc commented 6 years ago

@WhippsP I appreciate the response -- I checked the AppIDs and they are correct. I modified the userjourney such that the first orchestration step looks like this:

<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninUsernameExchange" />

rather than what's in the SO post:

<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />

At least now I get a "bad password" message for a local sign-in. The password is definitely valid, so there's still something wrong with my configuration.

EDIT: Fixed. ProxyIdentityExperienceFramework app was registered as web/api instead of native. I re-created it and now I can authenticate locally as expected. Thanks everyone.

davidmu1 commented 6 years ago

@chadc @WhippsP @ltouro Is there anything that should be changed in the article to prevent the confusion that you had?

davidmu1 commented 6 years ago

Not identifying an article change.

please-close

haiquan commented 5 years ago

Had the same problem while trying to follow this doc and change the E-mail based login for Username based login based on this SO post.

Solved the problem by removing the UserJourney SignUpOrSignIn from TrustFrameworkBase.xml and keeping it only in TrustFrameworkExtensions.xml

It works for me. Thanks.

jeeszacharia commented 4 years ago

Instead of removing the SignUpSignIn from the base policy, rename the Journey in the Extension; that fixed my problem.

gitforanand commented 4 years ago

I am receiving

Validation failed: 2 validation error(s) found in policy "B2C_1A_TOTP_TRUSTFRAMEWORKEXTENSIONS" of tenant "agkni.onmicrosoft.com".
User journey "SignUpOrSignIn" in policy "B2C_1A_TOTP_TrustFrameworkExtensions" of tenant "agkni.onmicrosoft.com" has step 5 with 2 claims exchanges. It must be preceded by a claims provider selection in order to determine which claims exchange can be used.
User journey "SignUpOrSignIn" in policy "B2C_1A_TOTP_TrustFrameworkExtensions" of tenant "agkni.onmicrosoft.com" has step 6 with 2 claims exchanges. It must be preceded by a claims provider selection in order to determine which claims exchange can be used.
User journey "SignUpOrSignIn" in policy "B2C_1A_TOTP_TrustFrameworkExtensions" of tenant "agkni.onmicrosoft.com" has step 5 with 2 claims exchanges. It must be preceded by a claims provider selection in order to determine which claims exchange can be used.
User journey "SignUpOrSignIn" in policy "B2C_1A_TOTP_TrustFrameworkExtensions" of tenant "agkni.onmicrosoft.com" has step 6 with 2 claims exchanges. It must be preceded by a claims provider selection in order to determine which claims exchange can be used.

gnvrt commented 4 months ago

Just rename your UserJourney Id. It resolved the same issue.

pavan9r commented 1 month ago

@gnvrt

Exactly, I just renamed the user journey and it worked. Funny though, neither did the error point to the appropriate issue, nor did the solution make any sense for the error.
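
Added example (not posted by anyone in this thread, and not Microsoft's validator): a local Python check that approximates the rule in the error message, to show why renaming the journey can clear it. It assumes, as the renaming fix suggests, that a UserJourney with the same Id in the base and extension policies is combined step by step; `ReadUserExchange`, the function names, and reading "preceded by" as "the immediately preceding step" are also assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed journey: steps 1-2 follow the snippet posted above; %s is the step-3 exchange.
JOURNEY = """<UserJourney Id="SignUpOrSignIn"><OrchestrationSteps>
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange"/>
    <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange"/>
  </ClaimsProviderSelections>
  <ClaimsExchanges><ClaimsExchange Id="LocalAccountSigninEmailExchange"/></ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange"><ClaimsExchanges>
  <ClaimsExchange Id="FacebookExchange"/><ClaimsExchange Id="SignUpWithLogonEmailExchange"/>
</ClaimsExchanges></OrchestrationStep>
<OrchestrationStep Order="3" Type="ClaimsExchange"><ClaimsExchanges>
  <ClaimsExchange Id="%s"/>
</ClaimsExchanges></OrchestrationStep>
</OrchestrationSteps></UserJourney>"""
BASE = JOURNEY % "ReadUserExchange"    # hypothetical exchange Id in the base policy
EXT = JOURNEY % "GetFavouriteColour"   # extension redefines step 3 under the same journey Id

def named(el, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in el.iter() if e.tag.rsplit("}", 1)[-1] == name]

def load_steps(journey_xml):
    """Map step Order -> claims exchange Ids and whether the step offers a selection."""
    return {int(s.get("Order")): {"ids": [c.get("Id") for c in named(s, "ClaimsExchange")],
                                  "selects": bool(named(s, "ClaimsProviderSelection"))}
            for s in named(ET.fromstring(journey_xml), "OrchestrationStep")}

def merge(base, ext):
    """ASSUMPTION: same-Id journeys combine per step Order, exchanges keyed by Id."""
    merged = {o: {"ids": list(s["ids"]), "selects": s["selects"]} for o, s in base.items()}
    for o, s in ext.items():
        tgt = merged.setdefault(o, {"ids": [], "selects": False})
        tgt["ids"] += [i for i in s["ids"] if i not in tgt["ids"]]
        tgt["selects"] = tgt["selects"] or s["selects"]
    return merged

def lint(steps):
    """Flag multi-exchange steps whose previous step has no claims provider selection."""
    return [f"step {n} with {len(s['ids'])} claims exchanges needs a preceding selection"
            for n, s in sorted(steps.items())
            if len(s["ids"]) > 1 and not steps.get(n - 1, {}).get("selects")]

if __name__ == "__main__":
    print("merged :", lint(merge(load_steps(BASE), load_steps(EXT))))
    print("renamed:", lint(load_steps(EXT)))
```

Under these assumptions the combined journey is flagged at step 3, while the same extension journey checked on its own (the renamed case) passes.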