question

0 Votes
MiguelGregrio-1765 asked RadovanKonarevi-9358 published

Azure b2c Custom Policies Error Message

Hi!

I programmed the B2C customized policies and I am currently defining the error messages. However, the login error message displays a message that does not count in the standard messages: https://docs.microsoft.com/en-us/azure/active-directory-b2c/localization-string-ids

The message is: The username or password provided in the request are invalid.

I used the starter pack policies (local account).
If the credentials are correct, no problems arise.

How can I change this message?

Thanks!!


azure-active-directory azure-ad-b2c

Hi,

I was facing the same issue, but you can use the below code in order to solve it

```
<LocalizedString ElementType="ErrorMessage" StringId="AADB2C90225">#Message</LocalizedString>
```

Regards!

0 Votes 0 ·
1 Vote
amanpreetsingh-msft answered RadovanKonarevi-9358 published

Hi @MiguelGregrio-1765 · Thank you for sharing the required information.

On investigating it, I found the error occurs only when the policy is configured with ROPC flow. There is an open ticket regarding this issue with the product team.

As of now, you can try removing <Item Key="grant_type">password</Item> from <TechnicalProfile Id="login-NonInteractive">. As long as the first OrchestrationStep in an ROPC user journey is the ClaimsExchange with the ROPC technical profile, it should be absolutely fine to remove it.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 Votes
amanpreetsingh-msft answered MiguelGregrio-1765 commented

Hi @MiguelGregrio-1765 · Thank you for reaching out.

Below is an example to customize this message:

```
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfClaimsPrincipalDoesNotExist">El nombre de usuario o la contraseña proporcionados en la solicitud no son válidos.</LocalizedString>
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfInvalidPassword">El nombre de usuario o la contraseña proporcionados en la solicitud no son válidos.</LocalizedString>
```

With the above parameters, in case of both invalid username and invalid password, it will return the same message, which is "The username or password provided in the request are invalid." in Spanish (you can configure your own language or custom message).


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Thanks @amanpreetsingh-msft, but the message I receive ("The username or password provided in the request are invalid.") does not match any of the string IDs you sent me.

The "UserMessageIfClaimsPrincipalDoesNotExist" corresponds to "We can't seem to find your account."
and "UserMessageIfInvalidPassword" corresponds to "Your password is incorrect.".

Thanks!

0 Votes 0 ·

Hi @MiguelGregrio-1765 · As per the documentation, the error doesn't map to any of the built-in string IDs. The closest are the two that I have shared above. Could you please try using these and let me know if that helps change the message? If yes, I will update the documentation; else, I will check with the product team on this and let you know.

1 Vote 1 ·

Hi!

I used the following LocalizedStrings:

```
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfInvalidPassword">A password está incorreta</LocalizedString>
<LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfClaimsPrincipalDoesNotExist">Não encontramos a sua conta.</LocalizedString>
<LocalizedString ElementType="ErrorMessage" StringId="DefaultMessage">O email ou a password não estão corretos.</LocalizedString>
```

I used different messages in "UserMessageIfClaimsPrincipalDoesNotExist" and "UserMessageIfInvalidPassword" to detect which message is displayed.
But I get the same error message: "The username or password provided in the request are invalid."

The picture: 43559-capture.png


0 Votes 0 ·
0 Votes
Kaveh-2667 answered amanpreetsingh-msft commented

Hi,

Just to confirm, I'm facing the same issue. I can localise all other messages but not the one above. After searching the MS docs, I found the error at the following link:

"Error codes: Azure Active Directory B2C": https://docs.microsoft.com/en-us/azure/active-directory-b2c/error-codes

Check for error code AADB2C90225 on the above page.

I cannot find any way to localise the above message.


@Kaveh-2667 · Could you please share the complete login-NonInteractive technical profile from your Base file?

0 Votes 0 ·
0 Votes
WilsondeSeabra-1769 answered amanpreetsingh-msft commented

@amanpreetsingh-msft Same issue here. We're using a custom Technical Profile, and using a custom form on ContentDefinition "api.signuporsigninwithkmsi":

```
<UserJourney Id="SignUpOrSignInWithKmsi">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsigninwithkmsi">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Username" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignup-Username" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- This step reads any user attributes that we may not have received when in the token. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
```



Technical profile:

```
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Username">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="SignUpTarget">SignUpWithLogonEmailExchange</Item>
    <Item Key="setting.operatingMode">Username</Item>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.userName" Required="true" />
    <OutputClaim ClaimTypeReferenceId="password" Required="true" />
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" />
    <OutputClaim ClaimTypeReferenceId="extension_Role" />
    <OutputClaim ClaimTypeReferenceId="extension_ClientId" />
    <OutputClaim ClaimTypeReferenceId="extension_FactoryId" />
    <OutputClaim ClaimTypeReferenceId="extension_DepartmentId" />
  </OutputClaims>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
  </ValidationTechnicalProfiles>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
```



@WilsondeSeabra-1769 · This is not the technical profile I am looking for. The correct technical profile is <TechnicalProfile Id="login-NonInteractive">

0 Votes 0 ·
0 Votes
WilsondeSeabra-1769 answered WilsondeSeabra-1769 published

@amanpreetsingh-msft
The validation then, here goes:


```
<TechnicalProfile Id="login-NonInteractive">
  <DisplayName>Local Account SignIn</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <Metadata>
    <Item Key="UserMessageIfClaimsPrincipalDoesNotExist">We can't seem to find your account</Item>
    <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
    <Item Key="UserMessageIfOldPasswordUsed">Looks like you used an old password</Item>
    <Item Key="ProviderName">https://sts.windows.net/</Item>
    <Item Key="METADATA">https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration</Item>
    <Item Key="authorization_endpoint">https://login.microsoftonline.com/{tenant}/oauth2/token</Item>
    <Item Key="response_types">id_token</Item>
    <Item Key="response_mode">query</Item>
    <Item Key="scope">email openid</Item>
    <Item Key="grant_type">password</Item>
    <!-- Policy Engine Clients -->
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="HttpBinding">POST</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="username" Required="true" />
    <InputClaim ClaimTypeReferenceId="password" Required="true" />
    <InputClaim ClaimTypeReferenceId="grant_type" DefaultValue="password" />
    <InputClaim ClaimTypeReferenceId="scope" DefaultValue="openid" />
    <InputClaim ClaimTypeReferenceId="nca" PartnerClaimType="nca" DefaultValue="1" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="oid" />
    <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
    <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_Name" />
    <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_Name" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="Name" />
    <OutputClaim ClaimTypeReferenceId="userPrincipalName" PartnerClaimType="upn" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
    <OutputClaim ClaimTypeReferenceId="extension_Role" />
    <OutputClaim ClaimTypeReferenceId="extension_ClientId" />
    <OutputClaim ClaimTypeReferenceId="extension_FactoryId" />
    <OutputClaim ClaimTypeReferenceId="extension_DepartmentId" />
  </OutputClaims>
</TechnicalProfile>
```
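
The thread points at three places in a policy file that bear on this message: the `grant_type` item in `login-NonInteractive`, that profile's `UserMessageIf...` metadata, and any `ErrorMessage` LocalizedString for AADB2C90225. The following Python script is an added example (not code from any poster or from Microsoft) that reports all three for one policy file; `audit_policy` is a hypothetical helper name and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

ROPC_PROFILE_ID = "login-NonInteractive"  # technical profile named in the thread
TARGET_STRING_ID = "AADB2C90225"          # error code cited in the thread

# Constructed, trimmed sample; a real policy nests these elements more deeply.
SAMPLE = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <TechnicalProfile Id="login-NonInteractive"><Metadata>
    <Item Key="UserMessageIfInvalidPassword">Your password is incorrect</Item>
    <Item Key="grant_type">password</Item>
  </Metadata></TechnicalProfile>
  <LocalizedString ElementType="ErrorMessage" StringId="UserMessageIfInvalidPassword">A password está incorreta</LocalizedString>
</TrustFrameworkPolicy>"""


def local(tag):
    """Drop the XML namespace so lookups work on namespaced policy files."""
    return tag.rsplit("}", 1)[-1]


def audit_policy(xml_text):
    """Collect the settings this thread discusses from one policy file."""
    root = ET.fromstring(xml_text)
    report = {"profile_found": False, "grant_type": [],
              "profile_messages": {}, "localized_errors": {}}
    for el in root.iter():
        name = local(el.tag)
        if name == "TechnicalProfile" and el.get("Id") == ROPC_PROFILE_ID:
            report["profile_found"] = True
            for item in el.iter():
                if local(item.tag) != "Item":
                    continue
                key, value = item.get("Key", ""), (item.text or "").strip()
                if key == "grant_type":
                    report["grant_type"].append(value)
                elif key.startswith("UserMessageIf"):
                    report["profile_messages"][key] = value
        elif name == "LocalizedString" and el.get("ElementType") == "ErrorMessage":
            report["localized_errors"][el.get("StringId")] = (el.text or "").strip()
    # True only when the file defines an ErrorMessage string for the cited code.
    report["overrides_target"] = TARGET_STRING_ID in report["localized_errors"]
    return report


if __name__ == "__main__":
    for field, value in audit_policy(SAMPLE).items():
        print(f"{field}: {value}")
```

Run it against the Base, Extensions and relying-party files separately, since a setting can be defined or overridden in any of them.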


0 Votes
MichaDzierak-0210 answered MarappaBasavaraju-0416 commented

Hi :-)
Any news on the above problem?
We are facing the same issue. The message "The username or password provided in the request are invalid." cannot be translated by custom policy. After some investigation I've found that it is returned as an exception while executing the login-NonInteractive profile:
```
{
"Key": "Exception",
"Value": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "The username or password provided in the request are invalid.",
"Data": {
"IsPolicySpecificError": false
}
}
}
```

Regards,
Michał


Hi, any updates on this? We need to customize the error message "The username or password provided in the request are invalid." if email or password is invalid.

0 Votes 0 ·
0 Votes
vipulsparsh-MSFT answered