Incorrect instructions for BuildingBlocks while configuring UserInfo #109712

Closed
cburatto opened this issue May 17, 2023 · 2 comments
cburatto commented May 17, 2023

Technology: Azure B2C Identity Experience Framework

Article: https://learn.microsoft.com/en-us/azure/active-directory-b2c/userinfo-endpoint?pivots=b2c-custom-policy

Description of the problem

1 - Article instructs user to place technical profile under the wrong XML element.
2 - ClaimTypeReferenceId is incorrect

https://learn.microsoft.com/en-us/azure/active-directory-b2c/userinfo-endpoint?pivots=b2c-custom-policy#1-add-the-token-issuer-technical-profile

Step 1 "Add the Token Issuer technical profile" instructs you to add the ClaimsProvider info under the BuildingBlocks element.

However, if you do that, the policy will fail validation upon upload with error:

Validation failed: 1 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "xxx.onmicrosoft.com".Schema validation error found at line 7 col 6 in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "xxx.onmicrosoft.com": The element 'BuildingBlocks' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'ClaimsProviders' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'. List of possible elements expected: 'ClaimsSchema, Predicates, InputValidations, PredicateValidations, ClaimsTransformations, ClientDefinitions, ContentDefinitions, Localization, DisplayControls' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.Schema validation error found at line 7 col 6 in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "xxx.onmicrosoft.com": The element 'BuildingBlocks' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'ClaimsProviders' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'. List of possible elements expected: 'ClaimsSchema, Predicates, InputValidations, PredicateValidations, ClaimsTransformations, ClientDefinitions, ContentDefinitions, Localization, DisplayControls' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.

Solution:

If you move the ClaimsProvider from the BuildingBlocks element to the sibling ClaimsProviders element, the policy is uploaded without errors.
You must make sure ClaimTypeReferenceId="signInNames.emailAddress" matches the ClaimType defined in the Base (in my case and probably others, this is email).

<InputClaim ClaimTypeReferenceId="signInNames.emailAddress"/>
...
<OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="email"/>

must be

<InputClaim ClaimTypeReferenceId="email"/>
...
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/>

Issue opened on the Azure-Samples repo before this one:
Azure-Samples/active-directory-b2c-custom-policy-starterpack#150


Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
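
The two problems reported above can be caught before upload. The following is an added example, not part of the original issue or of Microsoft's documentation: it flags any `BuildingBlocks` child outside the list in the validation error and any `ClaimTypeReferenceId` that matches no known ClaimType. The names `lint_policy`, `sample` and `SampleUserInfoProfile` are hypothetical, the sample policies are constructed, and the ClaimType Ids inherited from the Base are assumed to be passed in by the caller.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
# Children accepted under BuildingBlocks, copied from the validation error above.
ALLOWED = {"ClaimsSchema", "Predicates", "InputValidations", "PredicateValidations",
           "ClaimsTransformations", "ClientDefinitions", "ContentDefinitions",
           "Localization", "DisplayControls"}

def lint_policy(policy_xml, inherited_claims=()):
    """Return findings for one policy file; inherited_claims holds the
    ClaimType Ids defined in parent policies (assumption: supplied by caller)."""
    root = ET.fromstring(policy_xml)
    findings = []
    for bb in root.iter(f"{{{NS}}}BuildingBlocks"):
        for child in bb:
            name = child.tag.rsplit("}", 1)[-1]  # strip the namespace prefix
            if name not in ALLOWED:
                findings.append(f"BuildingBlocks has invalid child element '{name}'")
    # ClaimTypes declared in this file plus those inherited from the Base.
    defined = set(inherited_claims) | {c.get("Id") for c in root.iter(f"{{{NS}}}ClaimType")}
    for tag in ("InputClaim", "OutputClaim"):
        for claim in root.iter(f"{{{NS}}}{tag}"):
            ref = claim.get("ClaimTypeReferenceId")
            if ref and ref not in defined:
                findings.append(f"{tag} references undefined ClaimType '{ref}'")
    return findings

def sample(under_building_blocks, claim_id):
    """Constructed minimal policy; the technical profile Id is a placeholder."""
    provider = (
        '<ClaimsProviders><ClaimsProvider><TechnicalProfiles>'
        '<TechnicalProfile Id="SampleUserInfoProfile">'
        f'<InputClaims><InputClaim ClaimTypeReferenceId="{claim_id}"/></InputClaims>'
        f'<OutputClaims><OutputClaim ClaimTypeReferenceId="{claim_id}" '
        'PartnerClaimType="email"/></OutputClaims>'
        '</TechnicalProfile></TechnicalProfiles></ClaimsProvider></ClaimsProviders>')
    body = f"<BuildingBlocks>{provider}</BuildingBlocks>" if under_building_blocks else provider
    return f'<TrustFrameworkPolicy xmlns="{NS}">{body}</TrustFrameworkPolicy>'

if __name__ == "__main__":
    base_claims = {"email"}  # assumption: the Base policy defines only "email"
    for finding in lint_policy(sample(True, "signInNames.emailAddress"), base_claims):
        print("as documented:", finding)
    print("after the fix:", lint_policy(sample(False, "email"), base_claims))
```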

@YashikaTyagii
Contributor

@cburatto
Thanks for your feedback! We will investigate and update as appropriate.

@kengaderdus
Contributor

@cburatto

We apologize for the delay in our response. We'll investigate this custom policy, then update our docs accordingly. For now, we'll close this issue, then track it internally. #please-close.
