
Sitecore 9.0.2 with Azure AD B2C with External User Authentication

I have tried to configure Sitecore 9.0.2 to authenticate users from Azure AD B2C.

I have followed these steps: https://www.linkedin.com/pulse/authenticate-your-customer-azure-active-directory-b2c-arvind-gehlot/

My configuration file looks like this:

<!-- Pipeline processor that registers the OWIN OpenID Connect middleware for the B2C provider.
     The processor's IdentityProviderName must return the same value as the identityProvider id
     declared under federatedAuthentication below. -->
<pipelines>
  <owin.identityProviders>
    <!-- This is the custom processor that gets executed when Azure AD posts the token to Sitecore -->
    <processor type="Sitecore.Foundation.Account.Pipelines.AzureAdB2CIdentityProviderProcessor, Sitecore.Foundation.Account" resolve="true" />
  </owin.identityProviders>
</pipelines>
<federatedAuthentication>
  <identityProviders hint="list:AddIdentityProvider">
    <!-- The id is the value the idp claim is expected to carry for identities coming from this provider. -->
    <identityProvider id="Sitecore.AzureAD.B2C" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">
      <param desc="name">$(id)</param>
      <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />
      <caption>Sign with Azure B2C</caption>
      <domain>Sitecore</domain>
      <icon>signin__azure_adB2C</icon>
      <transformations hint="list:AddTransformation">
        <!-- you need to have an Idp Claim for this to work; setIpdClaim is the shared transformation that adds it -->
        <transformation name="Idp Claim" ref="federatedAuthentication/sharedTransformations/setIdpClaim" />

        <!-- NOTE(review): this adds the role claim "Sitecore\admin" to EVERY identity whose idp claim equals
             this provider, i.e. to any account that can complete a B2C sign-in. Together with the
             shell/admin/login site mappings further down, any B2C user receives whatever rights that role
             carries. Confirm this is intended; otherwise key the transformation on a specific B2C claim
             (e.g. a group or custom attribute) or map to a less privileged role. -->
        <transformation name="map role to idp" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
          <sources hint="raw:AddSource">
            <claim name="idp" value="Sitecore.AzureAD.B2C" />
          </sources>
          <targets hint="raw:AddTarget">
            <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="Sitecore\admin" />
          </targets>
          <!-- keep the idp source claim on the identity after the role claim has been added -->
          <keepSource>true</keepSource>
        </transformation>
      </transformations>
    </identityProvider>
  </identityProviders>
  <!-- Property initializer assigns claim values to sitecore user properties -->
  <propertyInitializer type="Sitecore.Owin.Authentication.Services.PropertyInitializer, Sitecore.Owin.Authentication">
    <maps hint="list">
      <!-- NOTE(review): both maps below read the same xmlsoap emailaddress claim, while the processor's
           TokenValidationParameters names the "emails" claim. Confirm which claim type B2C actually issues
           for this policy; a map whose source claim is absent simply leaves the property unset. -->
      <map name="email claim" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication">
        <data hint="raw:AddData">
          <!--claim name-->
          <source name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
          <!--property name-->
          <target name="Email" />
        </data>
      </map>
      <map name="Name claim" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication">
        <data hint="raw:AddData">
          <!--claim name-->
          <source name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
          <!--property name-->
          <target name="Name" />
        </data>
      </map>
    </maps>
  </propertyInitializer>
  <identityProvidersPerSites>
    <!-- NOTE(review): the external provider is enabled for the shell, admin and login sites as well as
         the public website, so a B2C sign-in is offered (and accepted) for back-end access too.
         Restrict this list to the sites that actually need external sign-in. -->
    <mapEntry name="b2c" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication">
      <sites hint="list">
        <site>shell</site>
        <site>login</site>
        <site>admin</site>
        <site>service</site>
        <site>modules_shell</site>
        <site>modules_website</site>
        <site>website</site>
        <site>scheduler</site>
        <site>system</site>
        <site>SampleSite</site>
        <site>publisher</site>
      </sites>
      <!-- Registered identity providers for the sites listed above -->
      <identityProviders hint="list:AddIdentityProvider">
        <identityProvider ref="federatedAuthentication/identityProviders/identityProvider[@id='Sitecore.AzureAD.B2C']" />
      </identityProviders>

      <!-- isPersistentUser=false: presumably external users are created as virtual users rather than
           persisted to the membership database - confirm against the DefaultExternalUserBuilder docs -->
      <externalUserBuilder type="Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder, Sitecore.Owin.Authentication">
        <param desc="isPersistentUser">false</param>
      </externalUserBuilder>
    </mapEntry>
  </identityProvidersPerSites>
</federatedAuthentication>

 

My IdentityProviderProcessor class looks like this:

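/// <summary>
/// <c>owin.identityProviders</c> pipeline processor that wires the Azure AD B2C
/// OpenID Connect middleware into Sitecore's OWIN pipeline.
/// </summary>
/// <remarks>
/// <see cref="IdentityProviderName"/> must equal the <c>identityProvider</c> id in the
/// federatedAuthentication configuration; the base class resolves the provider by that
/// name when <see cref="ProcessCore"/> runs.
/// </remarks>
public class AzureAdB2CIdentityProviderProcessor : IdentityProvidersProcessor
{
    // App config settings. They are read from Sitecore settings once, when the type is
    // initialised, so a changed setting only takes effect after an application restart.
    // NOTE(review): the fields are public and mutable although nothing here writes them
    // after initialisation; they could be made readonly.
    public static string ClientId = Settings.GetSetting("Ida.clientID");
    public static string AadInstance = Settings.GetSetting("Ida.instanceUrl");
    public static string Tenant = Settings.GetSetting("Ida.Tenant");
    public static string RedirectUri = Settings.GetSetting("Ida.redirectUrl");
    //public static string ServiceUrl = Settings.GetSetting("B2C_TaskServiceUrl"); //TODO:check

    // B2C policy identifiers
    public static string SignUpSignInPolicyId = Settings.GetSetting("Ida.signUpSignInPolicyId");
    //public static string EditProfilePolicyId = Settings.GetSetting("B2C_EditProfilePolicyId"); //TODO:check
    //public static string ResetPasswordPolicyId = Settings.GetSetting("B2C_ResetPasswordPolicyId"); //TODO:check

    // The only policy in use. Static initialisers run in declaration order, so this
    // line must stay below SignUpSignInPolicyId.
    public static string DefaultPolicy = SignUpSignInPolicyId;

    // Authority handed to the OpenID Connect middleware. Ida.instanceUrl is treated as a
    // format string: {0} receives the tenant and {1} the policy id.
    public static string Authority = string.Format(AadInstance, Tenant, DefaultPolicy);

    // OWIN auth middleware constants
    //public const string ObjectIdElement = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";

    public AzureAdB2CIdentityProviderProcessor(FederatedAuthenticationConfiguration federatedAuthenticationConfiguration)
        : base(federatedAuthenticationConfiguration)
    {
    }

    /// <summary>Id of the identity provider entry this processor configures.</summary>
    protected override string IdentityProviderName => "Sitecore.AzureAD.B2C";

    /// <summary>
    /// Registers the OpenID Connect middleware for the configured B2C policy.
    /// </summary>
    /// <param name="args">Pipeline arguments carrying the OWIN app builder; must not be null.</param>
    protected override void ProcessCore(IdentityProvidersArgs args)
    {
        Assert.ArgumentNotNull(args, nameof(args));

        var identityProvider = this.GetIdentityProvider();
        var authenticationType = this.GetAuthenticationType();

        args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Caption = identityProvider.Caption,
            AuthenticationType = authenticationType,
            // Passive: the middleware only challenges when Sitecore explicitly asks it to.
            AuthenticationMode = AuthenticationMode.Passive,
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = context =>
                {
                    // Fires for any failure in the sign-in callback: the user cancelling at
                    // B2C, but also a token the middleware refused to validate. Record the
                    // reason before it is discarded, otherwise failed sign-ins leave no trace.
                    // (Debug.WriteLine is compiled out in Release builds; route this to the
                    // Sitecore log for production diagnostics.)
                    System.Diagnostics.Debug.WriteLine("*** B2C\\AuthenticationFailed: " + context.Exception);

                    // Send the user back to the site root. The target is built from the
                    // application's PathBase rather than the request Host header, so a
                    // forged Host header cannot steer the post-failure redirect.
                    string returnPath = (context.Request.PathBase.Value ?? string.Empty) + "/";

                    // HandleResponse stops the middleware from surfacing the failure as an
                    // unhandled error; the explicit redirect then becomes the response.
                    context.HandleResponse();
                    context.Response.Redirect(returnPath);
                    return Task.CompletedTask;
                }
            },

            // Only the name claim is overridden ("emails" is presumably the claim B2C issues
            // for the user's e-mail - confirm against the policy's claims). Issuer and
            // audience validation keep the middleware defaults.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "emails"
            }
        });
    }
}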

 

The application throws the exception shown below:

[ArgumentException: idp claim is missing Parameter name: identity] Sitecore.Owin.Authentication.Configuration.FederatedAuthenticationConfiguration.GetIdentityProvider(ClaimsIdentity identity) +198 Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder.CreateUniqueUserName(UserManager1 userManager, ExternalLoginInfo externalLoginInfo) +76 Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder.BuildUser(UserManager1 userManager, ExternalLoginInfo externalLoginInfo) +54 Sitecore.Owin.Authentication.Services.d__13.MoveNext() +759 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Sitecore.Owin.Authentication.Identity.d__16.MoveNext() +548 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Sitecore.Owin.Authentication.Pipelines.Initialize.<b__10_1>d.MoveNext() +1341 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Mapping.d__0.MoveNext() +598 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Mapping.d__0.MoveNext() +871 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 
Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +768 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +768 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +768 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Security.Infrastructure.d__0.MoveNext() +768 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.AspNet.Identity.Owin.d__0.MoveNext() +448 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.AspNet.Identity.Owin.d__0.MoveNext() +448 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__5.MoveNext() +197 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.d__2.MoveNext() +184 System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31 Microsoft.Owin.Host.SystemWeb.IntegratedPipeline.StageAsyncResult.End(IAsyncResult ar) +117 System.Web.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +510 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) +213 
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +131

 
Any pointers on how to resolve this? Am I missing anything?
 
I am new to Azure AD and B2C; any articles on how to set up Azure AD B2C with Sitecore for external user authentication would be great.