The parameter is incorrect - SAML 2.0 - Custom Policy in AzureAD B2C


I'm in the process of setting up a SAML 2.0 service provider on B2C using custom policies.

With my current setup I can log in on the IdP and get redirected to my B2C assertionconsumer link, where I am greeted with the following message: AADB2C: An exception has occurred.

Using SAML-tracer, I discovered that the SAML response returned to B2C had a success status code:

<?xml version="1.0" encoding="UTF-8"?>
<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_bbe4821c-dcc6-e7be-685c-2a655f2bd93e" Version="2.0" IssueInstant="2021-06-29T07:08:50.8079797Z" Destination="https://myb2ctenant.b2clogin.com/myb2ctenant.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer" InResponseTo="_9c51291e-0838-4d76-b87b-06378b62a2e0">
   <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://saml.test-devtest4-nemlog-in.dk</Issuer>
   <Status>
      <StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
   </Status>
   <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
      <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
         <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm" />
         <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <xenc:EncryptedKey>
               <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
                  <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                  <xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256" />
               </xenc:EncryptionMethod>
               <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                  <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                     <X509Data>
                        <X509IssuerSerial>
                           <X509IssuerName>CN=TRUST2408 Systemtest XXXIV CA, O=TRUST2408, C=DK</X509IssuerName>
                           <X509SerialNumber>1604005554</X509SerialNumber>
                        </X509IssuerSerial>
                     </X509Data>
                  </o:SecurityTokenReference>
               </KeyInfo>
               <xenc:CipherData>
                  <xenc:CipherValue>ZgKyS3kIO8466MCUN2fts1lKowwmipX7V5mKtyFNl7trDKeTJ/liKGB0nv33/aMrELWTvlD/EybYN7stD57hlzste1qgHQALAVnsGnCd5eWulPIQVfNPhAvz8eoEviNMv6wYxc7FqMUnZ2js4ZvyGMMZIm0pZya49qIzBmT+fo+cFQ335aLIKzJvZAMQMQiMcjKL4dmR5sRorIBNoSoVggiTVI0BcegUZxf8MFgCj0GE2EucgfvjW+7UDh3PkEQt2piyvIMi/GJFrf57O0LkEFioq2xXBP16I18jhVrjZe6ZTRG+s2d/wDN+0mLdh/8X+Vh6bhoIMorXCjtk7p4yxQ==</xenc:CipherValue>
               </xenc:CipherData>
            </xenc:EncryptedKey>
         </ds:KeyInfo>
         <xenc:CipherData>
            <xenc:CipherValue>UydbJP7A7gNqtOLVAZPsdrR3qTstLw8kAMn1FA1W1le3jsrtZaetaFouazJATC+2qUoCw/fZ6pXobuoLYKwEwxXjZVdX8aIjaOjdRlMgEFJp174O0YiC01l52m+8ooouWO1m9e9sXuEmyNau6mNM4WymrxnlfU45u2CsB5mFRbzAA2wEtNZ2f8QQQFbYu2yfRKe522NVuw7qcY3M3HwPpk5McQBJKCvgEOE5axCsCa3y28DG5ofoIMm2IZ7x3GovUu2WuMee2/TIBic5B3KHOD5t40B2sHL7nhOuLOTzo2KjtEsSF+EOLmQjN5COT3RwTk1ivV7wd7eiErd3eKHrqkAAx/GxN+Uv/fO2TBg/h2N4Diesd7xEdZfTKX9ytAiZWTfI0uoP5SQXEH5T0Fg7Ts6+c+aoI4rRE6hxEbFEDwOyfG6U9vL2seL1KcXESZ3q23ffUbDDIDAl1axtUR1ZSbBuzXjbB6vD4Iuzv2EpwGA9dn2M3ietZPT335MHGvNirTylZL/l8Lc4WFawy+IK9yGJuVimD+sImVD5lbzdcyLPfzUGlQDshNc2lnw4RU9Ya98bMjmwTdcW3q1uu9HCM6yfUPKuoEjpz4Tmmv22doPH2vJc4RB9m0JBnRgFZwrW17A0rACK0Xz6w3nVu5gyP4CIkYz0feQDXhsvIwcaoMn7ZxqCSGhQdy8yYdUvBo1XjuzteSL7+aVtZPj5rVXw45mX8sAA+w8Ng5al0viJq5DOV44myHUO9QS6VhjXBCgBTDrBty8+uSwZNLHo5UwQzIfPUS+GEIDkH74H8+uf2Rm9furpE68JgOMDPiDLLJ4OjX9ICCLiWoQNbQUB5EilbXiK4qkmtyrkCTkV9YZIXGqR0rF8rjUsJFfyNS+I4Ztq84feNNnKnOzypztcVGa2vhNviQEFv6I7WpMIgfU4e+0aBq767irqHKMv1id+1TFPthigINY6k8oA/fkbytFVya4WegYTPHKjZ5eNjkSadl4ih5zSrJvfSOkBEad4bjNnZkq1M6GREZUEFfnyuEFcUngRqfqYvQx2qBkVhoo6FCY8ETSUSEp5dr9eL5nzSdDZm6opfLu3OsJTuSeUOhqhrUDXuRqZisIcgKI9yB66K986wb/kF+rKQS8uXPvlgfBu5cVBPTgiUhtjyGlKzIW0Zc8qIzSE3IqrBU8Kv1FcuEAQ8NnOIMWNroM+9VuEBsda7HrKV6/UrD5lcYdVJs/T85mcGG2bc/lt3mhyfeEPHx8133FcdAuVlRJaHs58qdLg3t9Pcgu1i8UCCm6cCL1ZCtmRgTBWDPCpufOiuMVX4Hpv4oGCvRGVY1ZxVrLHjlKNHp+VT8pn22TqjPH58GPn9cMX0jvlecCXgjnWfJIrrTk1CZQK0Tx1Hu7E91cuhK+02T379TStywJ6Xha1kDNnvTVq84C1PzR6x1iVudPs0ILn2oYlmz2TACcH1P4TqZYfXVLHwxtxCm13lh100q1qppYUPXIG7JwtTQb1Sa1MhIjlKIFcVnYf/elCwjB87Y6gM++pz1W+W6oXDcde9YlwZ7xCMsia4lLG8l0BxPsHlIwrw4DfTobQJpAzXoAijnp0RzIu7g0G9JS1uJnjAmDA+OWYOoH/WN5bCRBF95s9+6WfpzqbpWftJ8Yg65RjP0oc3Jye5zRjhL3JIenEJbDfUg77nf9e8LHENeXwyZ6OVNIpqLBUTjrp7PXR334tZ7SGs5zJsuHN3Z1Pzd1fLjL+iL7iu1MqgNOFGMnX7iDCigfLiKPqC0mLwDfGtnlL4eEyEkdCscW1C4zXIUJySryToU9qOQyt/yllO5qHjizlUZU+K1bqDnkswE5nV1XKFvibjGtGY9R+pxUKzXULxldDUkC9V790KdfaPJFXpg/Otw+NQ4koD+H/PPAA28CeoHBma31Sj36tlICkO6/8Sf9nwEWAOM+mTTIkkGbZ0UW+ZeedrB26uR
8hyWfgEvz4GbXtclKP26vNpZFk36nbwTClLKxmDlu09Ok/SDj0CcgK281m4WBGFtZMwhjOphowmnZVLJyWlivweR7kDjGVsaEzn/xBOb1/B9V42KiBwI0tueXS5zn5TAdbitQ4XgDELqLFr9Ep3IbxCjemrdSn8zepHaUWx4TtTzuuXD0gsD/ISjdq+CrzQ+zCh8tzm7aX8r4z6joLdukbzYXKhbCUiDHgI5ApeocYgTr0WalkXSLj6Kx0mgzH3NsCqcsuYOF8J+HVVi3szDnYKlvUawtDQVfSRC4gptiz1OCtvEiZfTpBOqW3sB54MJxx7t74tCL8pRZw/m3ydzCqp46szSRUs32H3d4A9nPo5EsjUeUmL0ATf8rBT2jzOXroCaebuqK/BHzy/TTkXORpZwpfSJpfVfvKvVUQYVU5Bia5WTx5+tfN962m+O9wy/Xx8VDxZl4x90q4x30h7jP/8ACen1HLcHOs+Vr/0Qlg3xLUTipDObN5/p2qWjRjIShpgRJWq+gHUhHtULxlorbz9ZgqGSkzXaH9wu0x/CDu934Mnb43Skjib7P4OJfLPfT+nXEtYOQRUGLlMhBeKRDbnM/67Bl320oe1s2BVvXGs2l//csbBV9XLtl8vP7nyJ8RpMechRV7DxHCQ2ywZwb60jtdHVbH5QDcj0PKevY1SzgYtQYoYkOaPUEWWeHjs96uQoz+ebqkUS31+tZApwl9M9vyPdNOnLU39EOg7dUA6h2pQs3aiHIGGo6hXaj27sHhqOCtA+7vl/FKuTrQKD3gvX3uO9CUA9o1bBYjizqf29uTo5q876HjjiOVOvEegSeB01f0rBzAz4UpREkkRlfq+kLB66MP174Kg1Ft0JNcib+BpUTNhQoICxMpVA9ZIHE9YAw6f5DwKdH0DxvzfO7C+EaxjgBH0JjDHzGQ4luGf38OI83hxwim3qx/0XMOeqatNS1KtYCF59FQRkfsvSxsZuPsob9Ijf4us1RUtqJ5k9vyUGiohLEBB05J9jDGCGBe2DKDdJUz0o2DhcOiIh/WP3N129Q7a9KKcJd5K/tTOnQDTyT/bb3nEhGIw/5Wgr1OQBG+t3lKuzkizm2k9v6xFbfqu+VR/TiowiX5lW66asAzwrVnNPI9VVSxDTE0PAJtmaKAb6n1qw7pN3uhMkN1rwns1FyCEqPbqUNMv2iFkElNBGcHB91V7Yaty8NCM7SgmYbrwGSZGj8yP0bJKXpHB7Nrw+nb0u1kZF3kJ43UZ8+SzWzaJ5fnfUqWmQzWguB9By1yfgkse0O+agzQsmUgmV42yxzOUu4qNtcvOfLRkEhnrKq8W++qe18Ss/yXpBBuQYZbts7a4q/vyxUcIWu9BJ9PoyWchtbqDDWi50PIHvTosn/+S8rTlagk29ArAw83wuzPGU6Byt/fIBVw2lhpRdonzvN6Tek3euaFvMRZVzWFJTFFloJvhyEZCnCBqq0+FNlQyu1se4pxBwTtKYnu4mOIrJkbRXxI9SxNXA7XqvGdkzKP35p82HqtfMsSeLWqcubxsH2hqu9YllDQqSvowtXXl3+w7S+aopnkMvZcyfz7G6Z0lSImDXj57KzQtELvcJYsLrYphjgKo3/yfsNNpJ3ZMgg2uLaKliNxI4d/oPcrEhYeplqvi506dlZaFLBP3vtjtlzhe4K3wPW4KtaNYl6W4JmnUeDK35NNvibGwyi//tbQ7YgJSg0RB+bxu19RlG5FOJtO+CogaegLawNSRVtpk2QTu1NYUWVI8t0U/JtuzfI5FDRn66uCsodfcwuQXG/Y8jructxkfb+TE9h6fSRGuFzuivc052xLV2f3E1jvEb1FBX81WAXlgKWBZWBiZ9t2jlskj+zljmQISp1xyICFWyTshm5KaENCejjl9gGJ1ymKgw3a16nsUWSSfZZ+M7WMubHYutwTovsPhezBXWZ1+SjBIf/TgeDqarNMK/zCIzeG2Qi1a68OpIocdU6Dp9bFZMn22ZiLgM
Gr2Iqf+3THoJ4ekNfH5Xy7oIE6snvEmE6rgECT0Y2Z81LuWmhoRtm9TnNyJ85gD0IJt6HFDFv8ou7E8LWMt3g1sCzqR6STVdYM/YMNF6nS/nMC0K/OniiOxPxPJPYxi1tGN5PBPBG8scSU3TBMa5k/KO6KPvb1185njBdAEQ060HoqJRYom6ik7CSk5RLfOxmjcvJ+GNFqVD8vlYD2WwZnOduqzUkqTEf282PhtSgDEuIWcPmlFq0vTms28o1WzmNKmL6nkEtVSc1I7m9+dB+ELVDQpIQ3xwvpSU++VAVuOTTKsipa+sKnC0x2/eCjrdjihTMlEKUEDvJbtyZjODu/d8uGk9txGF/NN9JygInS7URWRuRtFuyNRT5jZGKsOeTWAXZQKMftgxGYOrKwZkwlK1gzO56cU9GGQJAKfbPOG9p2OfTL1ZjjUaCFFJkf445jK75dxSd/sYLjyeLXf8v6Wr0PIVcIWGeS5nwWw6AmDwXNevYC6EzFcVl1UzjmfCs6sTwhXxUn4SNw8lZyls95zG7tiN0W6WbVSQ9gBGxIZ14WpN5R56otXwMNJ5YwhWg8pU4MAplImTGW9kqs3DHtGfr9kZwMxsl5lK0AxYm+9g/9sBwVXfWW+eUb4H24EfpiRHjWfLvudHm6Q0wtLungVcSDeWZexmqepXw4Mxpz6n2WhPhVZ7nPcdLGN9WoANPNHCRh2O8PaawSstFfABr+U3wtp/w3+PXxXJ/DhLpb+tn/dcrcq6oQM8Iauiy0pNB6hydVBJhJx5GEaliFeou7SUaPBvr3yArzYFrgnpZh/VeXGIJvjeLh0CXNRos5Pb8S5xheHC9qbyExBa0QYjhME0Yv1PvJGauk0jwjuhWFI4hmaFk7Na5DoBfAbK11ADO/uFABgBw5Txy8qnh+OEK89ZEgYaDiUizGz6BMLi7ZZMAk/plZEj6yviou8rPQ3Ut8p5TYbbbkT56GLtGoD6c/N3B1pWTPFDScQbDnNU3jQQucy9uMlT8mR8Mfsj8WEV2UdoZJDpbIR2br1puxkAwVG0GRyO8VZtDkmk2PuN0pkLtCxHDm3zun5wp7Vtd3bpqCOAT7gBKo3yeXirNRt31TQE3CFwKm7E/VjOj87nCKTb0GHKz0cOiS86svZfwDg+SoiV20A8tvtXM/Pwf9ZqKOdFR268W0i2EfjEwMNphm9Gexr49DYCQwzs0I8nGEJvZ1LJFiBPcLe549MT6ARs5Qxk37DtKjOMPuMpEJcUAZeJfVGXlE50PoLajgtZu7/qjSc/dkYANa4tbufNfwAmrScVSpp8evk3l4BYIA56jeH+NtEcSbo9WAtpS6jL1wXSzqd5qGSXc5UuG3vKZO9JgVWbf+dPFELrRI67yQ01HYmJK1xbokPR/az8VuNG0F/GshI1+iKIc0UJxnibKGQ/BJMAmbq40fnkXrN7cx3HGXkoM3+7cZM3VdmtlSqHUT5zsIdrev5wwjf0iBCjoh79QriVkzr00DrlIDCqsrJoONz4s7uA7uqyPUAo1OI2gROKnfAlZmTilaSHkwyer6hEVLryYrmfNGuOp2nImFgwZA0GeUmgCLV/OjfOdP4KElia46oTK9Zpa/l1wYPWnLGPBwmyb+jWhqhAXvK/v3Fkj7/sw3XO9EhluCc0owScHGHVzJbc5t6SIn94Sb8baTiTPKMD0edu8LgtY0WDLeui1wrQHvNSkqrwh1o5IZffOWxb4FVPAgE7Bh3Fd1XTrZdrd3mTbMtfZZha1rKFxCY0loQ5To8oLyPBPO0sDcpes7ZigY3mRqoDlh3k8kUIVlicqAXSGPqOPmTZmCmkZj74epVCKTTSH8tV0+/QY/0f1vdKMMIK463gcrDDc+sZe/nkSKc++w6PH6VBvZSsKSRJ6fgL1ry8jRQKbdSDyp8p2taYHOO+pMMV4M5L75Pqc63D887ELwRN1srtX0gUWGrRwyNTygtH8sTNoSnO3widTy4XHxFImh7t1un/J7jU
EvsWNuaibKc82Ah5VqcdvbSoktCorAH9Vue0qfrAnle/aVgyRFS2H8mtkHOqx4nKhJICDOXgA5is3/pxxQ7f7bAdqSRok9b/sSiPUnlGY9+0IbukrecaLIqxEK1yUjLoVl1hqBFPFkOhA++j0QYBeEwqAn75LH92rSzEF29TGVWWhnYuw33ewyrZ83KxGXCH9pMEnJL0MpiXICjsHa9viPpGmPL3OaluPZL0w5KSX3Iske7chtW+G2gdhIbIsoYQUwbXWqWvVTr7/AG3DPQdvn188vGgK4LsAO9VppoVgo5JN4/s5sCy089AsPjG4MmYOi6e/YkMYK9LPbM+EHmY+KTD3iH5ypM7sK6wvarOBPPk+nlFlSkxs3RvGxMgzMzLStPxvjSYLbRI/MQ3I73OHwMmMPe7R4qku4o3hj4Hm8deOv53BpYIllWFLWDWWlX1TnmqqytpGJuOdJ7MSylQJxDhJPmcpTOH5GjaSHec2b27XPJiKlp726Vh4SXRxWQbR7b1kr9pO+SNgQwRJhxRfV/i45fLjgbzGbCGYkSCGNMhZmuAGiI7bbWTrGK42P9tL8jNComb21PPazEWuDTlw41UxKAHM1fAtIMP4H5lNe7pRkBfLROviQrEz18PaV0VxjMd921X5fEJFt1LEdvwREjB9FCzZjiRRJ0o2HBRRkSgRyjUt2YQPPR+Fq7HUD48EF3FMZp+/SKuwVbuIs9R+vkL8gMq5Y23WLdHo+LRhADaJMRHfjekrL8nm87Eao2Q3+qd08UYmLvKdO47AqdgsUNPSeSBtNDYL0UAEADW3VEtcXv8lXfR2N8rpIJ69VAOCwNYZpFn59l4tZcHHcGs7Hndd9plUJfCb+9xo=</xenc:CipherValue>
         </xenc:CipherData>
      </xenc:EncryptedData>
   </EncryptedAssertion>
</Response>

I set up Application Insights for the relying party using this tutorial and managed to get the following error:

[
  {
    "Kind": "Headers",
    "Content": {
      "UserJourneyRecorderEndpoint": "urn:journeyrecorder:applicationinsights",
      "CorrelationId": "d50ab845-8e9c-4958-8f0d-9b918ac3d651",
      "EventInstance": "Event:ClaimsExchange",
      "TenantId": "mytenant.onmicrosoft.com",
      "PolicyId": "B2C_1A_nemlogin3"
    }
  },
  {
    "Kind": "Transition",
    "Content": {
      "EventName": "ClaimsExchange",
      "StateName": "Initial"
    }
  },
  {
    "Kind": "Predicate",
    "Content": "Web.TPEngine.StateMachineHandlers.ClaimsExchangeMessageValidationHandler"
  },
  {
    "Kind": "FatalException",
    "Content": {
      "Time": "9:40 AM",
      "Exception": {
        "Kind": "Handled",
        "HResult": "80090027",
        "Message": "The parameter is incorrect.\r\n",
        "Data": {}
      }
    }
  }
]

I have been trying to troubleshoot the error: "Message": "The parameter is incorrect.\r\n"

link to idp metadata

My technical profile is below:

<?xml version="1.0" encoding="UTF-8"?>
<TechnicalProfile Id="NemLogin-SAML3">
   <DisplayName>NemLogin3</DisplayName>
   <Description>Login with your NemLogin3 account</Description>
   <Protocol Name="SAML2" />
   <Metadata>
      <Item Key="IssuerUri">myIssuerId</Item>
      <Item Key="PartnerEntity">https://www.nemlog-in.dk/media/zrrb0a1e/oio_saml_3_test-devtest4-idp-metadata-xml.txt</Item>
      <Item Key="NameIdPolicyFormat">urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</Item>
      <Item Key="ResponsesSigned">false</Item>
      <Item Key="WantsEncryptedAssertions">true</Item>
   </Metadata>
   <CryptographicKeys>
      <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_Test" />
      <Key Id="SamlAssertionDecryption" StorageReferenceId="B2C_1A_Test" />
   </CryptographicKeys>
   <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="assertionSubjectName" />
      <OutputClaim ClaimTypeReferenceId="specVersion" Required="true" />
      <OutputClaim ClaimTypeReferenceId="loa" Required="true" />
      <OutputClaim ClaimTypeReferenceId="cvr" Required="true" />
      <OutputClaim ClaimTypeReferenceId="orgName" Required="true" />
   </OutputClaims>
   <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp" />
</TechnicalProfile>
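HResult 80090027 is the Windows crypto API code NTE_INVALID_PARAMETER, so the XML Encryption algorithms the IdP chose for the encrypted assertion are the first thing to compare against what the service provider's decryption stack accepts. The script below is an added example, not code from the question or from Azure AD B2C: it parses a SAML Response, lists the data-encryption, key-transport, OAEP digest and MGF algorithms, and flags those outside an allowlist. The sample response is constructed from the one in the question with the CipherValue blobs replaced by placeholders, and the allowlist (XML Encryption 1.0 algorithms only) is an assumption to be replaced with what the SP really supports.

```python
# Added example (not from the question). SAMPLE_RESPONSE is constructed from the
# question's SAML Response with the CipherValue blobs replaced by placeholders.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#", "xenc11": "http://www.w3.org/2009/xmlenc11#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

SAMPLE_RESPONSE = """<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">
 <Status><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></Status>
 <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
   <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <xenc:EncryptedKey>
     <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <xenc11:MGF xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256"/>
     </xenc:EncryptionMethod>
     <xenc:CipherData><xenc:CipherValue>KEY_BLOB_PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
   </ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>DATA_BLOB_PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </EncryptedAssertion>
</Response>"""

def extract_encryption_params(xml_text):
    """Return the status and the four encryption choices the IdP made."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS).get("Value")
    data = root.find("saml:EncryptedAssertion/xenc:EncryptedData", NS)
    key = data.find("ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod", NS)
    digest, mgf = key.find("ds:DigestMethod", NS), key.find("xenc11:MGF", NS)
    return {"status": status.rsplit(":", 1)[-1],
            "data_algorithm": data.find("xenc:EncryptionMethod", NS).get("Algorithm"),
            "key_transport": key.get("Algorithm"),
            # Under xmlenc 1.0 rsa-oaep-mgf1p neither child element is present.
            "oaep_digest": digest.get("Algorithm") if digest is not None else None,
            "mgf": mgf.get("Algorithm") if mgf is not None else None}

# Assumed allowlist for this example (XML Encryption 1.0 algorithms only); replace
# it with the algorithms the SP's decryption stack actually accepts.
SP_SUPPORTED = {"data_algorithm": {"http://www.w3.org/2001/04/xmlenc#aes256-cbc"},
                "key_transport": {"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"},
                "oaep_digest": {None, "http://www.w3.org/2000/09/xmldsig#sha1"},
                "mgf": {None}}

def unsupported_params(params, supported=SP_SUPPORTED):
    """List the (field, value) pairs the SP cannot handle; empty means compatible."""
    return [(k, v) for k, v in params.items() if k in supported and v not in supported[k]]
```

Run it against a response captured with SAML-tracer; every pair it returns is an algorithm to reconcile with the IdP (via its metadata or configuration) or to enable on the SP side.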