Sign Up and Sign In with 'Terms of Use' prompt - Internal Error Server #354

Closed
RaphaelSilv opened this issue Feb 8, 2022 · 3 comments

RaphaelSilv commented Feb 8, 2022

Hey!

I've been debugging this internal server error using Application Insights; it's been hours now and I believe it's time to ask for help. My custom policy is being enhanced with 'Terms of Use' consent and my goal is simply to adapt the existing sample on it to my policy scenario. Easier said than done!

The error happens after the "SelfAsserted-Input-ToU-SignIn" technical profile is called, that is, at sign-in with extension_termsOfUseConsentDateTime being prior to the date configured at IsTermsOfUseConsentRequiredForDateTime.

Here is a piece of the user journey:

```xml
...
<!-- This step reads any user attributes that we may not have received when authenticating using ESTS so they can be sent
     in the token. -->
<OrchestrationStep Order="8" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>

<OrchestrationStep Order="9" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="Check-TOU-Status" TechnicalProfileReferenceId="Check-TOU-Status" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Display Terms of Use consent page for any SignIn scenario based on termsOfUseConsentRequired claim -->
<OrchestrationStep Order="10" Type="ClaimsExchange">
  <Preconditions>
    <!-- Add condition to not execute this step for sign up scenario based on newUser claim -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>newUser</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>termsOfUseConsentRequired</Value>
      <Value>True</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="ShowToUConsentPageForNewUser" TechnicalProfileReferenceId="SelfAsserted-Input-ToU-SignIn" />
  </ClaimsExchanges>
</OrchestrationStep>

<OrchestrationStep Order="11" Type="ClaimsExchange">
  <Preconditions>
    <!-- Add condition to not execute this step for sign up scenario based on newUser claim -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>newUser</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="RESTAuthB2CSignIn" TechnicalProfileReferenceId="REST-AuthB2CSignIn" />
  </ClaimsExchanges>
...
```

Application Insights does not show anything meaningful to me. No exceptions, no missing claims, etc., and the error message from the browser inner HTML doesn't help much either; here is part of it:

```html
<!DOCTYPE html>
<!-- Build: 1.0.2493.0 -->
<!-- StateVersion: 2.1.1 -->
<!-- DeploymentMode: Development -->
<!-- CorrelationId: ea9e5f4d-7e67-4253-8b1b-3f9ef32e43aa -->
<!-- DataCenter: SAN -->
<!-- Slice: 001-000 -->
<html lang="en-US"><head><link rel="icon" href="data:;base64,iVBORw0KGgo="><script data-container="true" nonce="uckM+NtdqgKmNou1EkScIg==">var GLOBALEX = {
"CorrelationId": "ea9e5f4d-7e67-4253-8b1b-3f9ef32e43aa",
"Timestamp": "2022-02-08 18:59:26Z",
"Detail": "AADB2C: An exception has occurred."
};

var CONTENT = {
"contact-none": "Your administrator hasn&#39;t provided any contact details.",
"contact-number-label": "Telephone",
"contact-email-label": "Email",
"error-title": "Sorry, but we&#39;re having trouble signing you in.",
"error-help": "We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again."
};
```

What might be happening here?

All the involved policies + a full log file of the user journey's last steps from application insights can be found here.

Really appreciate your input on it. Thank you!

JasSuri (Contributor) commented Feb 9, 2022

Output claim type "termsOfUseConsentRequired" specified in the technical profile with id "SelfAsserted-Input-ToU-SignIn" in policy "B2C_1A_AccountLink_SUSI_V2" of tenant "contoso.onmicrosoft.com" does not specify a UserInputType or a DefaultValue, and is not retrieved from a ValidationTechnicalProfile either.

You are trying to output a claim using outputClaim into the claimbag, but give no way to actually retrieve/produce this value.

And it's because you removed this section from the Update-TOU-Status technical profile, which would have then produced this value from a validation technical profile.

```xml
<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" DefaultValue="false" AlwaysUseDefaultValue="true" />
</OutputClaims>
```

JasSuri closed this as completed Feb 9, 2022
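
A pre-upload check for the condition named in the error message above, added here as an example; it is not part of the original thread or of the sample repository. The function name, the trimmed policy and the claim `extension_termsOfUseConsentChoice` are constructed for illustration, and the check assumes a single policy file with no inheritance from a base policy.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed policy; only the elements the check reads are present.
POLICY = """<TrustFrameworkPolicy>
 <BuildingBlocks><ClaimsSchema>
  <ClaimType Id="extension_termsOfUseConsentChoice">
   <UserInputType>CheckboxMultiSelect</UserInputType></ClaimType>
  <ClaimType Id="termsOfUseConsentRequired"><DataType>boolean</DataType></ClaimType>
 </ClaimsSchema></BuildingBlocks>
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="SelfAsserted-Input-ToU-SignIn">
   <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="extension_termsOfUseConsentChoice" />
    <OutputClaim ClaimTypeReferenceId="termsOfUseConsentRequired" />
   </OutputClaims>
   <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="Update-TOU-Status" />
   </ValidationTechnicalProfiles>
  </TechnicalProfile>
  <TechnicalProfile Id="Update-TOU-Status"><!--OUTPUTS--></TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""
# The section from the reply above, restored into Update-TOU-Status.
FIXED = POLICY.replace("<!--OUTPUTS-->", '<OutputClaims><OutputClaim '
    'ClaimTypeReferenceId="termsOfUseConsentRequired" DefaultValue="false" '
    'AlwaysUseDefaultValue="true" /></OutputClaims>')

def unsourced_output_claims(policy_xml, profile_id):
    """Output claims of a self-asserted profile that nothing can produce."""
    root = ET.fromstring(policy_xml)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # drop the XML namespace, if present
    profiles = {tp.get("Id"): tp for tp in root.iter("TechnicalProfile")}
    # Claims the user can type in: the ClaimType declares a UserInputType.
    user_input = {ct.get("Id") for ct in root.iter("ClaimType")
                  if ct.find("UserInputType") is not None}
    tp = profiles[profile_id]
    # Claims returned by any validation technical profile the profile calls.
    from_validation = set()
    for ref in tp.iter("ValidationTechnicalProfile"):
        vtp = profiles.get(ref.get("ReferenceId"))
        if vtp is not None:
            from_validation |= {oc.get("ClaimTypeReferenceId")
                                for oc in vtp.iter("OutputClaim")}
    return [oc.get("ClaimTypeReferenceId") for oc in tp.iter("OutputClaim")
            if oc.get("DefaultValue") is None
            and oc.get("ClaimTypeReferenceId") not in user_input
            and oc.get("ClaimTypeReferenceId") not in from_validation]
```

Run against the merged policy before upload, a non-empty result points at the claim that would otherwise surface only as "AADB2C: An exception has occurred."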
RaphaelSilv (Author) commented

Darn, I missed that! Thanks, @JasSuri!

One last thing, from me, I couldn't find such a clear message anywhere on the Application Insights query log.

Also, I usually open the messages on a text editor for better debugging, anyhoo, couldn't find the message you shared. Do you use something different? Thanks!

JasSuri (Contributor) commented Feb 9, 2022

I used our internal logs.
I will feed this back into the team.
