Using the AADB2C Identity Experience Framework custom policies, I'm trying to create a UserJourney that allows multiple social providers, as well as the local provider, but only allows Sign-In, not Sign-Up. When I upload the TrustFrameworkExtensions file containing the UserJourney, the upload fails with the error:
Unable to upload policy. Reason : Validation failed: 2 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORKEXTENSIONS" of tenant "mytenant.onmicrosoft.com".
ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "mytenant.onmicrosoft.com", but it was not found.
ClaimsExchange with id "SignInWithLogonNameExchange" is referenced in UserJourney with id "SignInAny" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "MBHB2C.onmicrosoft.com", but it was not found.
The first part of the UserJourney, which I think contains all the relevant content, is:
<UserJourney Id="SignInAny">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="KDEWebAppTestExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="MSAExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Check if the user has selected to sign in using one of the social providers -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="KDEWebAppTestExchange" TechnicalProfileReferenceId="KDEWebAppTestProfile" />
        <ClaimsExchange Id="MSAExchange" TechnicalProfileReferenceId="MSA-OIDC" />
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
      </ClaimsExchanges>
    </OrchestrationStep>
    ...
  </OrchestrationSteps>
</UserJourney>
I don't understand what "it was not found" actually means.
Suggestions?
Thanks!
Martin
Basically, in OrchestrationStep with Order 1, you have the following line:
<ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
The TargetClaimsExchangeId is a reference to the ClaimsExchange element in the next OrchestrationStep. However, you do not have a line similar to this in the next step with Id set to SignInWithLogonNameExchange.
<ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
So IEF does not know what to do (e.g. which technical profile to use) when the user clicks the button corresponding to that ClaimsProviderSelection.
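An added example (not part of the original question or answer): a small Python check that applies the rule described in the answer above, that each TargetClaimsExchangeId must match a ClaimsExchange Id in the orchestration step that follows, to a trimmed copy of the question's journey. The function names and the trimmed XML are constructed for illustration; this is not the validation code IEF itself runs, and it expects a single UserJourney element as input.

```python
import xml.etree.ElementTree as ET

# Journey from the question, trimmed to the two steps shown (the "..." is omitted).
QUESTION_JOURNEY = """
<UserJourney Id="SignInAny">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsProviderSelection">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="SignInWithLogonNameExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignInWithLogonNameExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAUTH" />
      </ClaimsExchanges>
    </OrchestrationStep>
  </OrchestrationSteps>
</UserJourney>
"""

def local(tag):
    """Drop any XML namespace so the check also works on namespaced policy XML."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    """All descendants of elem whose local tag name equals name."""
    return [e for e in elem.iter() if local(e.tag) == name]

def unresolved_selections(journey_xml):
    """Return (step order, TargetClaimsExchangeId) pairs that have no matching
    ClaimsExchange Id in the orchestration step that follows the selection."""
    root = ET.fromstring(journey_xml)
    steps = sorted(children(root, "OrchestrationStep"), key=lambda s: int(s.get("Order")))
    missing = []
    for i, step in enumerate(steps):
        if step.get("Type") != "ClaimsProviderSelection":
            continue
        nxt = steps[i + 1] if i + 1 < len(steps) else None
        defined = {c.get("Id") for c in children(nxt, "ClaimsExchange")} if nxt is not None else set()
        for sel in children(step, "ClaimsProviderSelection"):
            if sel.get("TargetClaimsExchangeId") not in defined:
                missing.append((step.get("Order"), sel.get("TargetClaimsExchangeId")))
    return missing
```

On the journey from the question, `unresolved_selections(QUESTION_JOURNEY)` returns `[('1', 'SignInWithLogonNameExchange')]`; moving that ClaimsExchange element into step 2 makes the list empty.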