This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have setup the AAD Sign In within B2C following the instructions in this documentation article: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom?tabs=applications
The process fails when AAD redirects to the response endpoint on B2C and then being redirected to https://jwt.ms with the follwing message: AADB2C90238:
The provided id_token does not contain a valid issuer. Valid issuer values: 'https://sts.windows.net/<aad-tenant-id>/<b2c-tenant-id>/'. Please provide another token and try again.
Of course this will fail because the token originating from AAD issuer will only be https://sts.windows.net/<aad-tenant-id>
Why is B2C expecting the B2C tenant ID as part of the issuer from AAD?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Hey Artmasa, I see this is a duplicate question from https://social.msdn.microsoft.com/Forums/en-US/db46c12d-abc9-4bff-86da-9c24a00232dc/azure-ad-b2c-with-aad-signin-user-journey-is-expecting-wrong-issuer?forum=WindowsAzureAD
Were you able to check if the technical profile was setup properly? If you followed the instructions accordinlgy, this shouldn't be occurring.
In addition to that, can you check if you have the validtokenissuerprefixes claim in your custom claims policy?
See here for more information on this claim : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications#add-a-claims-provider
Hey Artmasa, could you respond to the comments in regards to this issue for further help?
Thanks,
Thank you. I had the wrong value for the prefixes
Check if you have the validtokenissuerprefixes claim in your custom claims policy
See here for more information on this claim : https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom?tabs=applications#add-a-claims-provider
Duplicate information here : https://social.msdn.microsoft.com/Forums/en-US/db46c12d-abc9-4bff-86da-9c24a00232dc/azure-ad-b2c-with-aad-signin-user-journey-is-expecting-wrong-issuer?forum=WindowsAzureAD
One of the values were wrong for the prefixes.