
0 Votes
ChetanKumar-2774 asked ChetanKumar-2774 commented

AD B2C custom policy with TFA using TOTP

Hi,

I am setting up B2C custom policies with TFA using TOTP.

I have followed the GitHub samples.

  • added "allow script execution", updated DataURI values, updated the REST endpoints for Generate, Validate, etc.

  • I have deployed my REST API on my back-end server on third-party cloud.

The orchestration steps work perfectly up to Step 7 ( <OrchestrationStep Order="7" Type="ClaimsExchange"> ).

The orchestration order 8 failed with the error error_description=AADB2C90047 The resource "http://myserver.aikaan.io/selfasserted-appfactor-registration.html" contains script errors preventing it from being loaded

I have made sure there are no CORS errors; my nginx server config includes " add_header Access-Control-Allow-Origin *; "

I do not see any request in access_log of my nginx server.

What am I missing, and how do I debug further?

Special attn: @amanpreetsingh-msft

azure-ad-b2c

1 Answer

0 Votes
amanpreetsingh-msft answered ChetanKumar-2774 commented

Hi @ChetanKumar-2774 · Thank you for reaching out.

Along with Access-Control-Allow-Origin, try adding the below headers

  Access-Control-Allow-Credentials
  Access-Control-Allow-Methods
  Access-Control-Allow-Headers

with the values mentioned under Configure CORS


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @amanpreetsingh-msft ,

Tried adding all the above headers, no success.

Another point I want to bring to your notice is, I do not see an access log for "selfasserted-appfactor-registration.html" in my Nginx server. This indicates the request is not reaching my Nginx server.

I get the access logs for /Generate REST path.

Thanks
C

1 Vote 1 ·

@ChetanKumar-2774 · Yes, getting access logs should help.

0 Votes 0 ·

Hi @amanpreetsingh-msft ,

I do not see any access logs on my Nginx server. This indicates in orchestration step 8 the B2C authenticator is attempting to connect to my server.

Let me rephrase my question and observation.

a. At step 7 ( <OrchestrationStep Order="7" Type="ClaimsExchange"> ), the technical profile TechnicalProfileReferenceId="AppFactor-GenerateTotpWebHook" is executed, B2C authenticator connects to my back-end REST API at the path myserver.aikaan.io/Generate

b. The REST call responds with OutputClaim qrCodeBitmap and secretKey. I have confirmed with application-insights logs these claims are stored.

c. At step 8 (OrchestrationStep Order="8" Type="ClaimsExchange")
While the page http://myserver.aikaan.io/wwwroot/selfasserted-appfactor-registration.html is supposed to display, I get the error_description=AADB2C90047

When I check nginx access logs, I do not see a request from B2C authenticator for the above page.

0 Votes 0 ·
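
An offline checker for the settings this thread discusses, added here as an example; it is not code from the posters or from the GitHub samples. It assumes the requirements in Microsoft's custom page content guidance (HTTPS endpoint, CORS for the tenant's b2clogin.com origin, GET and OPTIONS), which this page does not spell out; the function name, tenant origin and all header values except the wildcard are placeholders or constructed.

```python
from urllib.parse import urlsplit

# Assumed requirements (from Microsoft's custom page content guidance, not
# stated on this page): HTTPS endpoint, tenant origin allowed, GET and OPTIONS.
REQUIRED_METHODS = {"GET", "OPTIONS"}

# Constructed sample: the URL and wildcard origin are quoted from the question;
# the other two header values are made up for illustration.
SAMPLE_URL = "http://myserver.aikaan.io/selfasserted-appfactor-registration.html"
SAMPLE_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "GET",
}
TENANT_ORIGIN = "https://your-tenant.b2clogin.com"  # placeholder tenant name


def check_content_endpoint(content_url, response_headers, tenant_origin):
    """Return a list of findings for a B2C custom page content endpoint."""
    findings = []
    headers = {k.lower(): v.strip() for k, v in response_headers.items()}

    if urlsplit(content_url).scheme.lower() != "https":
        findings.append("content URL is not https: browsers block http "
                        "fetches made from an https page (mixed content)")

    allow_origin = headers.get("access-control-allow-origin")
    if allow_origin is None:
        findings.append("Access-Control-Allow-Origin is missing")
    elif allow_origin not in ("*", tenant_origin):
        findings.append(f"Access-Control-Allow-Origin {allow_origin!r} "
                        f"does not match {tenant_origin}")

    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if creds and allow_origin == "*":
        findings.append("wildcard origin with Allow-Credentials: true is "
                        "rejected by browsers for credentialed requests")

    listed = headers.get("access-control-allow-methods", "").split(",")
    methods = {m.strip().upper() for m in listed if m.strip()}
    missing = REQUIRED_METHODS - methods
    if missing:
        findings.append("Access-Control-Allow-Methods lacks " + ", ".join(sorted(missing)))
    return findings


if __name__ == "__main__":
    for finding in check_content_endpoint(SAMPLE_URL, SAMPLE_HEADERS, TENANT_ORIGIN):
        print("-", finding)
```

The page content is requested by the user's browser, so a fetch the browser blocks leaves no entry in the server's access log; the browser's developer console is where such blocks are reported.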