Azure-docs: Error getting Azure AD claims
Hi,
After following this tutorial and trying to run the user flow using Azure AD login I keep getting this error:
AADB2C: A claim with id 'UserId' was not found, which is required by ClaimsTransformation 'CreateAlternativeSecurityId' with id 'CreateAlternativeSecurityId' in policy 'B2C_1_test_v2' of tenant 'xxx.onmicrosoft.com'.
I believe everything is set up properly in the Azure AD and Azure B2C side since I can login without issues with my AD account through B2C. Local accounts are fine and I can see all the claims.
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: bac6db2d-bff9-cbcf-d522-966ed17ea27f
- Version Independent ID: 91e3eeb7-8602-9e26-21c3-1fa70d03a354
- Content: Set up sign-in for an Azure Active Directory organization - Azure Active Directory B2C
- Content Source: articles/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory.md
- Service: active-directory
- Sub-service: b2c
- GitHub Login: @davidmu1
- Microsoft Alias: davidmu
goncalvesj
All 4 comments
@goncalvesj Thanks for your feedback! We will investigate and update as appropriate.
SaurabhSharma-MSFT
on 15 Apr 2019
@goncalvesj We are testing this scenario in our labs and will update the thread accordingly.
shashishailaj
on 17 Apr 2019
@shashishailaj I figured what the problem was. On the setup of the identity provider you need to add the "profile" scope. As soon a I changed that the missing claim was passed on the id token from the external Azure AD.
goncalvesj
on 17 Apr 2019
We are glad that you were able to resolve this. Thank you for sharing the solution with the community . We will now proceed to close this thread as it does not seem anything is pending at this point . We will try to see how we can incorporate this within our documentation .
Thanks again .
shashishailaj
on 17 Apr 2019
Related issues
mrdfuse
·
3Comments
jebeld17
·
3Comments
Ponant
·
3Comments
jamesgallagher-ie
·
3Comments
JeffLoo-ong
·
3Comments
Most helpful comment
@shashishailaj I figured what the problem was. On the setup of the identity provider you need to add the "profile" scope. As soon a I changed that the missing claim was passed on the id token from the external Azure AD.