question

StevenGardiner-7482 asked StevenGardiner-7482 commented

How to do email verification with Azure B2C custom policies

Hi, I'm new to custom policies as I've always used the user flow method. I've downloaded the local account starter pack from here https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack and followed Microsoft's example. I can get my login screen to work but not my sign up page. The page is missing inputs for an email address and a button for email verification like the user flows have. I've tried changing claim names and input and outputs but I'm getting nowhere. Please can someone suggest something? All I'm getting is this:
[Screenshot: capture.jpg]


azure-ad-b2c

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

0 Votes 0 ·

Thanks @RakeshJagatap-4451 I managed to fix it by basically starting again with the templates from git lab.

0 Votes 0 ·

1 Answer

amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @StevenGardiner-7482 · Thank you for reaching out.

You need to add the below input and output claims under <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">, available in the TrustFrameworkBase file:

<InputClaim ClaimTypeReferenceId="email" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />

Then add the below output claim to your SignupOrSignin.xml (RP file) to get the email address claim in the token to be presented to the application:

<OutputClaim ClaimTypeReferenceId="email" />

Below is the entire LocalAccountSignUpWithLogonEmail technical profile for your reference:

         <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
           <DisplayName>Email signup</DisplayName>
           <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
           <Metadata>
             <Item Key="IpAddressClaimReferenceId">IpAddress</Item>
             <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>
             <Item Key="language.button_continue">Create</Item>
           </Metadata>
           <CryptographicKeys>
             <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
           </CryptographicKeys>
           <InputClaims>
             <InputClaim ClaimTypeReferenceId="email" />
           </InputClaims>
           <OutputClaims>
             <OutputClaim ClaimTypeReferenceId="objectId" />
             <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
             <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />
             <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />
             <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />
             <OutputClaim ClaimTypeReferenceId="authenticationSource" />
             <OutputClaim ClaimTypeReferenceId="newUser" />
             <!-- Optional claims, to be collected from the user -->
             <OutputClaim ClaimTypeReferenceId="displayName" />
             <OutputClaim ClaimTypeReferenceId="givenName" />
             <OutputClaim ClaimTypeReferenceId="surName" />
           </OutputClaims>
           <ValidationTechnicalProfiles>
             <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />
           </ValidationTechnicalProfiles>
           <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
         </TechnicalProfile>

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


@amanpreetsingh-msft thank you for your answer. I have all these configured but there is still no email input on the sign up page.

0 Votes 0 ·

Hi @StevenGardiner-7482 · In your user journey (UserJourney Id="SignUpOrSignIn"), are you referencing the LocalAccountSignUpWithLogonEmail technical profile? This is by default added to orchestration step 2 but can be customized. If you are referencing any other technical profile in the signupOrSignin user journey, make sure you add email as an input and output claim in that technical profile.

0 Votes 0 ·

Hi @amanpreetsingh-msft these are the first two steps of my UserJourney

         <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
           <ClaimsProviderSelections>
             <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
           </ClaimsProviderSelections>
           <ClaimsExchanges>
             <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
           </ClaimsExchanges>
         </OrchestrationStep>
    
         <OrchestrationStep Order="2" Type="ClaimsExchange">
           <Preconditions>
             <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
               <Value>objectId</Value>
               <Action>SkipThisOrchestrationStep</Action>
             </Precondition>
           </Preconditions>
           <ClaimsExchanges>
             <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
           </ClaimsExchanges>
         </OrchestrationStep>


0 Votes 0 ·
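
The check this thread walks through by hand (the sign-up claims exchange must point at a technical profile that outputs `email` with `PartnerClaimType="Verified.Email"`), as an added Python example that is not part of the original answer or of Microsoft's starter pack. The function names, the `SignUpNoVerification` profile and the trimmed-down sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
# Constructed, trimmed-down policy (not a real tenant's file); {tp} is filled in per case.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail"><OutputClaims>
      <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />
    </OutputClaims></TechnicalProfile>
    <TechnicalProfile Id="SignUpNoVerification"><OutputClaims>
      <OutputClaim ClaimTypeReferenceId="email" Required="true" />
    </OutputClaims></TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
  <UserJourneys><UserJourney Id="SignUpOrSignIn"><OrchestrationSteps>
    <OrchestrationStep Order="2" Type="ClaimsExchange"><ClaimsExchanges>
      <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="{tp}" />
    </ClaimsExchanges></OrchestrationStep>
  </OrchestrationSteps></UserJourney></UserJourneys>
</TrustFrameworkPolicy>"""

def sample_policy(tp_id):
    return SAMPLE_POLICY.replace("{tp}", tp_id)

def check_signup_email(policy_xml, journey_id, exchange_id):
    """Return findings; an empty list means the step collects a verified email."""
    root = ET.fromstring(policy_xml)
    journey = root.find(f".//p:UserJourney[@Id='{journey_id}']", NS)
    if journey is None:
        return [f"user journey {journey_id} not found"]
    exchange = journey.find(f".//p:ClaimsExchange[@Id='{exchange_id}']", NS)
    if exchange is None:
        return [f"claims exchange {exchange_id} not found"]
    tp_id = exchange.get("TechnicalProfileReferenceId")
    profile = root.find(f".//p:TechnicalProfile[@Id='{tp_id}']", NS)
    if profile is None:  # the profile may live in a parent (base/extensions) policy
        return [f"{tp_id}: not defined in this file, check the base/extensions policy"]
    emails = [c for c in profile.findall("p:OutputClaims/p:OutputClaim", NS)
              if c.get("ClaimTypeReferenceId") == "email"]
    findings = [] if emails else [f"{tp_id}: email is not an output claim"]
    for claim in emails:
        if claim.get("PartnerClaimType") != "Verified.Email":
            findings.append(f"{tp_id}: email lacks PartnerClaimType=Verified.Email")
        if claim.get("Required", "false").lower() != "true":
            findings.append(f"{tp_id}: email output claim is not Required")
    return findings

if __name__ == "__main__":
    for tp in ("LocalAccountSignUpWithLogonEmail", "SignUpNoVerification"):
        print(tp, check_signup_email(sample_policy(tp), "SignUpOrSignIn", "SignUpWithLogonEmailExchange"))
```

Run it against each file in the inheritance chain (RP, extensions, base), since a profile referenced by the journey may be defined or overridden in a parent policy.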