It seems like you are encountering an issue with reading the `custom_attributes` claim from Salesforce in Azure AD B2C custom policies. Here are a few suggestions to troubleshoot and resolve the issue:
1. **Check the Salesforce Claim Types:**
Verify that the claim types used in your Azure AD B2C policy match the claim types that Salesforce is sending. In your Technical Profile, ensure that the `<OutputClaim ClaimTypeReferenceId="custom_attributes" />` corresponds to the claim type used by Salesforce.
Update the `OutputClaims` section of your Technical Profile to:
```xml
<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
  <OutputClaim ClaimTypeReferenceId="identityUrl" PartnerClaimType="aud" />
  <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
  <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
  <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
  <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
  <OutputClaim ClaimTypeReferenceId="custom_attributes" PartnerClaimType="custom_attributes" />
  <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
  <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
</OutputClaims>
```
2. **Claim Transformation:**
Ensure that your claim transformation (`GetCustomerNameClaimFromJson`) is correctly extracting the `customername` claim from the `custom_attributes` claim. Double-check that the claim transformation is functioning as expected.
3. **Check Error Details:**
The error message "AADB2C: An exception has occurred" is a bit generic. To get more details about the error, you can enable debugging for your policies. Add the following snippet to your relying party policy to get more detailed information:
```xml
<RelyingParty>
  ...
  <TechnicalProfile Id="JwtIssuer">
    ...
    <OutputClaims>
      ...
    </OutputClaims>
  </TechnicalProfile>
</RelyingParty>
```
After enabling debugging, try the user journey again, and check the detailed logs for any specific error messages that might provide more insight into the issue.
4. **Check Salesforce Configuration:**
Verify that Salesforce is correctly sending the `custom_attributes` claim in the OpenID Connect response. You can use tools like jwt.io to inspect the contents of the ID token received from Salesforce and ensure that the `custom_attributes` claim is present.
5. **Update Claim Transformation:**
Modify the claim transformation to directly reference the `custom_attributes` claim. Instead of using `InputClaim ClaimTypeReferenceId="custom_attributes"`, try using the raw `inputJson` claim:
```xml
<ClaimsTransformation Id="GetCustomerNameClaimFromJson" TransformationMethod="GetClaimFromJson">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="inputJson" TransformationClaimType="inputJson" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="claimToExtract" DataType="string" Value="customername" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="customername" TransformationClaimType="extractedClaim" />
  </OutputClaims>
</ClaimsTransformation>
```
Ensure that the `inputJson` claim contains the entire JSON payload, including the `custom_attributes` claim.
6. **Review Azure AD B2C Logs:**
Check the Azure AD B2C logs for any additional error messages or details. You can find these logs in the Azure portal under your Azure AD B2C resource, in the "Monitoring" section.
By carefully reviewing and verifying each step, you should be able to identify and resolve the issue with reading the `custom_attributes` claim from Salesforce in your custom policies.
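The two checks above that matter most, confirming that the ID token actually carries `custom_attributes` and that `customername` can be pulled out of it the way the `GetClaimFromJson` transformation is asked to, can be done offline before touching the policy. The script below is an added example and is not code from the answer above or from Azure AD B2C or Salesforce. It decodes a JWT payload without verifying the signature (inspection only, the same thing pasting the token into jwt.io does) and then applies the same "read key X out of JSON claim Y" step the transformation performs. The token, the issuer, audience, subject and the `custom_attributes` value are all constructed for the example; the helper names (`decode_payload`, `get_claim_from_json`, `inspect`) are this example's own.

```python
"""Offline inspection of a Salesforce-style ID token for the custom_attributes claim.

Added example, not part of the original answer. Decodes the token payload with
no signature check (inspection only) and mirrors the extraction that the
GetClaimFromJson transformation is expected to perform: read the `customername`
key out of the `custom_attributes` claim.
"""
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding first
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def decode_payload(id_token: str) -> dict:
    """Return the JWT payload as a dict. No signature verification: inspection only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three segments")
    return json.loads(_b64url_decode(parts[1]))


def get_claim_from_json(claims: dict, json_claim: str, claim_to_extract: str):
    """Take the claim named `json_claim`, treat its value as JSON and return the
    key `claim_to_extract` (None when the key is absent). Raises KeyError when the
    JSON claim itself is missing, so "claim absent" is distinguishable from
    "key absent". The value may arrive as a JSON object or as a JSON-encoded
    string; both shapes are handled.
    """
    if json_claim not in claims:
        raise KeyError(f"claim {json_claim!r} not present in token")
    value = claims[json_claim]
    if isinstance(value, str):
        value = json.loads(value)
    if not isinstance(value, dict):
        raise ValueError(f"{json_claim} is not a JSON object")
    return value.get(claim_to_extract)


def _make_token(payload: dict) -> str:
    # Constructed, unsigned token for the example; the signature segment is a dummy
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(payload) + ".dummysig"


# Constructed sample payload resembling an ID token that carries custom attributes
SAMPLE_TOKEN = _make_token({
    "iss": "https://idp.example",
    "aud": "constructed-client-id",
    "sub": "constructed-user-id",
    "email": "user@example.com",
    "custom_attributes": {"customername": "Contoso"},
})


def inspect(id_token: str) -> dict:
    """Report whether custom_attributes is present and what customername resolves to."""
    payload = decode_payload(id_token)
    present = "custom_attributes" in payload
    name = get_claim_from_json(payload, "custom_attributes", "customername") if present else None
    return {"has_custom_attributes": present, "customername": name}


if __name__ == "__main__":
    print(json.dumps(inspect(SAMPLE_TOKEN), indent=2))
```

Run it against a real token captured from the provider (the tenant's own token, not the constructed one) to see whether the claim is missing entirely, present but with the wrong key, or present as a JSON string rather than an object; each of those points at a different step in the list above.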