Azure B2C custom policy AAD-UserReadUsingObjectId Error AADB2C90037 while reading an existing user

Fedor Variukhin 6 Reputation points
2022-04-27T09:41:36.827+00:00

Hello Support team, I'm developing B2C with custom policies and I ran into an unexpected issue.
I want to get the user's claims with the help of AAD-UserReadUsingObjectId; my policy looks like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                      xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
                      TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_TestReadUser"
                      PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_TestReadUser" DeploymentMode="Development">

    <BasePolicy>
        <TenantId>yourtenant.onmicrosoft.com</TenantId>
        <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
    </BasePolicy>

    <ClaimsProviders>
        <ClaimsProvider>
            <DisplayName>Check param</DisplayName>
            <TechnicalProfiles>
                <TechnicalProfile Id="UserIdProfile">
                    <DisplayName>Read User Id from query</DisplayName>
                    <Protocol Name="Proprietary"
                              Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
                    <OutputClaims>
                        <OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="GUID of registered user" AlwaysUseDefaultValue="true"/>
                    </OutputClaims>
                </TechnicalProfile>
            </TechnicalProfiles>
        </ClaimsProvider>
    </ClaimsProviders>

    <UserJourneys>
        <UserJourney Id="GetUserData">
            <OrchestrationSteps>
                <OrchestrationStep Order="1" Type="ClaimsExchange">
                    <ClaimsExchanges>
                        <ClaimsExchange Id="SetUserIdExchange" TechnicalProfileReferenceId="UserIdProfile"/>
                    </ClaimsExchanges>
                </OrchestrationStep>
                <OrchestrationStep Order="2" Type="ClaimsExchange">
                    <ClaimsExchanges>
                        <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
                    </ClaimsExchanges>
                </OrchestrationStep>
                <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer"/>
            </OrchestrationSteps>
        </UserJourney>
    </UserJourneys>

    <RelyingParty>
        <DefaultUserJourney ReferenceId="GetUserData"/>
        <TechnicalProfile Id="PolicyProfile">
            <DisplayName>PolicyProfile</DisplayName>
            <Protocol Name="OpenIdConnect"/>
            <OutputClaims>
                <!-- <OutputClaim ClaimTypeReferenceId="email" /> -->
                <OutputClaim ClaimTypeReferenceId="displayName" />
                <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
                <OutputClaim ClaimTypeReferenceId="tenantId" AlwaysUseDefaultValue="true"
                             DefaultValue="{Policy:TenantObjectId}"/>
            </OutputClaims>
            <SubjectNamingInfo ClaimType="sub"/>
        </TechnicalProfile>
    </RelyingParty>
</TrustFrameworkPolicy>

When I try to execute it I see this error (attached screenshot: 196934-image.png).

Please help me understand what I'm doing wrong.

I used https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/main/LocalAccounts for the initial setup.
The user I'm trying to find is a tenant user.

Microsoft Entra External ID

1 answer

  1. Fedor Variukhin 6 Reputation points
    2022-05-04T10:23:51.66+00:00

    Hi @Marilee Turscak-MSFT

    Which page layout version are you using in your userflow?

    I took Base files for policy from starter pack
    https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/main/LocalAccounts
    I don't know how to check layout versions in the portal, but in "TrustFrameworkBase.xml" I see content definitions with a DataUri like
    <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>

    I haven't made any changes to the base policy file.

    Also if you remove the OrchestrationStep 1 section, do you still see this error?

    I overrode "AAD-UserReadUsingObjectId", replaced step 1, and it started working.
    The final policy file looks like this:

    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
        <Metadata>
            <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
        </Metadata>
        <InputClaims>
            <InputClaim ClaimTypeReferenceId="objectId" DefaultValue="GUID of registered user"
                        AlwaysUseDefaultValue="true"/>
        </InputClaims>
        <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="objectId" DefaultValue="GUID of registered user"
                         AlwaysUseDefaultValue="true"/>
        </OutputClaims>
    </TechnicalProfile>


    The journey contains only the last 2 steps.

    Thank you so much for your help!

    1 person found this answer helpful.
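A check worth running on a policy like the one in this thread before it leaves DeploymentMode="Development": an added Python lint (not code from the question, the answer, or the starter pack) that parses the TrustFrameworkPolicy namespace and flags any objectId InputClaim or OutputClaim pinned to a literal DefaultValue with AlwaysUseDefaultValue="true", because a journey that reads a fixed user and hands the result straight to JwtIssuer issues that user's token without authenticating anyone. The embedded policy fragment and the all-zero GUID are constructed for the example; claim-resolver defaults such as {Policy:TenantObjectId} are deliberately not flagged.

```python
import xml.etree.ElementTree as ET

# Every element in a B2C policy lives in this namespace; without it find() matches nothing.
NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample: the override shape from the answer plus a resolver-based default
# for contrast. The GUID is a placeholder, not a real tenant user.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com"
    PolicyId="B2C_1A_TestReadUser" DeploymentMode="Development">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
      <Metadata><Item Key="IncludeClaimResolvingInClaimsHandling">true</Item></Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="objectId"
                    DefaultValue="00000000-0000-0000-0000-000000000000" AlwaysUseDefaultValue="true"/>
      </InputClaims>
    </TechnicalProfile>
    <TechnicalProfile Id="PolicyProfile">
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="tenantId"
                     DefaultValue="{Policy:TenantObjectId}" AlwaysUseDefaultValue="true"/>
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""


def is_claim_resolver(value):
    """Claim resolvers like {Policy:TenantObjectId} are evaluated per request;
    anything else in DefaultValue is a literal baked into the policy file."""
    return value.startswith("{") and value.endswith("}") and ":" in value


def find_hardcoded_defaults(policy_xml, claim_types=("objectId",)):
    """Return (technicalProfileId, claimType, literal) for every Input/OutputClaim
    that forces a literal DefaultValue for one of the sensitive claim types."""
    root = ET.fromstring(policy_xml)
    findings = []
    for tp in root.iterfind(".//b2c:TechnicalProfile", NS):
        claims = tp.findall(".//b2c:InputClaim", NS) + tp.findall(".//b2c:OutputClaim", NS)
        for claim in claims:
            ctype = claim.get("ClaimTypeReferenceId")
            value = claim.get("DefaultValue")
            forced = claim.get("AlwaysUseDefaultValue", "false").lower() == "true"
            if ctype in claim_types and value and forced and not is_claim_resolver(value):
                findings.append((tp.get("Id"), ctype, value))
    return findings


def is_development_mode(policy_xml):
    """DeploymentMode is an attribute on the root; hardcoded identities are only acceptable here."""
    return ET.fromstring(policy_xml).get("DeploymentMode") == "Development"
```

Run it over the real extension file with `find_hardcoded_defaults(open(path).read())`; an empty list for a non-development policy is the expected state.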