Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
919 questions
AD B2C Custom Policies auto-account-linking
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 39%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
Tiago C
0
Reputation points
I am currently trying to replicate the following custom policy sample:
https://github.com/azure-ad-b2c/samples/tree/master/policies/auto-account-linking
I generated all the needed things with the setup tool from the documentation, everything seems to have been generated correctly.
For some reason, when I am trying to login with, for example google, in order to see if the auto linking does in fact work I get the following error on App insights:
A Claim of ClaimType with id "userIdentity" was not found, which is required by the ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.AddItemToUserIdentityCollectionTransformation" for TransformationMethod "AddItemToUserIdentityCollection" referenced by the ClaimsTransformation with id "AppendUserIdentity" in policy "B2C_1A_AccountLink_Extensions" of tenant "tenant.onmicrosoft.com".
This is not making a lot of sense because as seen in the sample code provided, in the AccountLinkExtensions.xml, the "userIdentity" claimType is in fact declared.
Been stuck on this for a couple days, any clue why this may be happening ?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya 12,405 Reputation points Microsoft Vendor2024-11-11T18:18:23.2366667+00:00 Hi @Tiago C
Thank you for posting this in Microsoft Q&A.
I understand you're encountering an error related to the "userIdentity" claim type while trying to replicate the auto-account linking policy from the Azure AD B2C samples. The error states that the claim is not found, even though it is declared in your
AccountLinkExtensions.xml.To resolve this issue can you please check below possible solutions:
1.Double-check that the
userIdentityclaim type is correctly declared in yourAccountLinkExtensions.xml2.Ensure that the claims transformation referenced by
AppendUser Identityis correctly configured to use theuserIdentityclaim. Check that the transformation method aligns with the expected input and output claims.3.Make sure that your
B2C_1A_AccountLink_Extensionspolicy is correctly referencing theAccountLinkExtensions.xml4.If you're only testing with Google, try logging in with other identity providers to see if the issue persists.
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
-
Tiago C 0 Reputation points
2024-11-12T09:37:17.12+00:00 So, I was able to get it to work doing everything from scratch, but I need it to work on a frameworkExtension and frameworkBase that has more configurations.
For some reason the error is exactly the same.- I believe everything should be correct, it is declared exactly like in the sample.
2.Not sure what this means, right now the configuration for that transformation method inside
AccountLinkExtensions.xmlis exactly the same as the sample.
3. The AccountLinkExtensions.xml is where **B2C_1A_AccountLink_Extensions**exists, unless I misunderstand what you are saying this is as intended.
4. With the files directly from the basic setup tool, everything seems to work well with google, so I don't see how this could be to blame for the error above.
Sign in to comment
Sign in to answer