AD B2C Custom Policies auto-account-linking

Tiago C 20 Reputation points
2024-11-08T09:26:08.6066667+00:00

I am currently trying to replicate the following custom policy sample:
https://github.com/azure-ad-b2c/samples/tree/master/policies/auto-account-linking

I generated all the needed things with the setup tool from the documentation, and everything seems to have been generated correctly.
For some reason, when I am trying to log in with, for example, Google, in order to see if the auto-linking does in fact work, I get the following error in App Insights:

A Claim of ClaimType with id "userIdentity" was not found, which is required by the ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.AddItemToUserIdentityCollectionTransformation" for TransformationMethod "AddItemToUserIdentityCollection" referenced by the ClaimsTransformation with id "AppendUserIdentity" in policy "B2C_1A_AccountLink_Extensions" of tenant "tenant.onmicrosoft.com".

This is not making a lot of sense because as seen in the sample code provided, in the AccountLinkExtensions.xml, the "userIdentity" claimType is in fact declared.

Been stuck on this for a couple days, any clue why this may be happening?


1 answer

  1. Navya 15,145 Reputation points Microsoft Vendor
    2024-11-11T18:18:23.2366667+00:00

    Hi @Tiago C

    Thank you for posting this in Microsoft Q&A.

    I understand you're encountering an error related to the "userIdentity" claim type while trying to replicate the auto-account linking policy from the Azure AD B2C samples. The error states that the claim is not found, even though it is declared in your AccountLinkExtensions.xml.

    To resolve this issue, can you please check the possible solutions below:

    1. Double-check that the userIdentity claim type is correctly declared in your AccountLinkExtensions.xml.

    2. Ensure that the claims transformation referenced by AppendUserIdentity is correctly configured to use the userIdentity claim. Check that the transformation method aligns with the expected input and output claims.

    3. Make sure that your B2C_1A_AccountLink_Extensions policy is correctly referencing the AccountLinkExtensions.xml.

    4. If you're only testing with Google, try logging in with other identity providers to see if the issue persists.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.
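
Checks 1 and 2 from the answer above can be automated. The following is an added example, not part of the original thread or the sample repository: it parses a chain of custom policy files and reports every claims transformation that references a claim type not declared in any `ClaimsSchema`. The embedded XML is constructed for illustration, and the `userIdentities` claim name is an assumption.

```python
import xml.etree.ElementTree as ET

# XML namespace of Azure AD B2C custom policy (TrustFrameworkPolicy) files.
NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

def undeclared_claim_refs(policy_xmls):
    """Return sorted (transformation id, claim id) pairs whose claim id is
    not declared in the ClaimsSchema of any of the given policy files."""
    roots = [ET.fromstring(x) for x in policy_xmls]
    # Claim types may be declared in any file of the inheritance chain,
    # so collect declarations across all of them first.
    declared = {ct.get("Id") for r in roots
                for ct in r.iterfind(".//p:ClaimsSchema/p:ClaimType", NS)}
    missing = set()
    for r in roots:
        for tr in r.iterfind(
                ".//p:ClaimsTransformations/p:ClaimsTransformation", NS):
            refs = (tr.findall("./p:InputClaims/p:InputClaim", NS)
                    + tr.findall("./p:OutputClaims/p:OutputClaim", NS))
            for ref in refs:
                cid = ref.get("ClaimTypeReferenceId")
                if cid not in declared:
                    missing.add((tr.get("Id"), cid))
    return sorted(missing)

# Constructed sample input, not copied from the sample repository.
# "userIdentities" is a hypothetical collection claim name.
WRAP = ('<TrustFrameworkPolicy xmlns="' + NS["p"] + '"><BuildingBlocks>'
        '{}</BuildingBlocks></TrustFrameworkPolicy>')
BASE = WRAP.format(
    '<ClaimsSchema><ClaimType Id="userIdentities"/></ClaimsSchema>')
EXTENSIONS = WRAP.format(
    '<ClaimsSchema><ClaimType Id="userIdentity"/></ClaimsSchema>'
    '<ClaimsTransformations>'
    '<ClaimsTransformation Id="AppendUserIdentity"'
    ' TransformationMethod="AddItemToUserIdentityCollection">'
    '<InputClaims>'
    '<InputClaim ClaimTypeReferenceId="userIdentity"/>'
    '<InputClaim ClaimTypeReferenceId="userIdentities"/>'
    '</InputClaims><OutputClaims>'
    '<OutputClaim ClaimTypeReferenceId="userIdentities"/>'
    '</OutputClaims></ClaimsTransformation></ClaimsTransformations>')

if __name__ == "__main__":
    print(undeclared_claim_refs([BASE, EXTENSIONS]))  # whole chain
    print(undeclared_claim_refs([EXTENSIONS]))        # extension file alone
```

This covers schema declarations only; it does not show whether a claim actually holds a value at the point in the user journey where the transformation runs.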

