I have a custom policy based on SocialAndLocal sample.
It adds 2 ClaimsTransformation steps in front. These are steps 3 and 4:
<OrchestrationStep Order="3" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="Social1Exchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="Social2Exchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="AdTesttenantExchange" />
  </ClaimsProviderSelections>
  <ClaimsExchanges>
    <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>objectId</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="Social1Exchange" TechnicalProfileReferenceId="Social1Exchange-OpenIdConnect" />
    <ClaimsExchange Id="Social2Exchange" TechnicalProfileReferenceId="Social2Exchange-OpenIdConnect" />
    <ClaimsExchange Id="AdTesttenantExchange" TechnicalProfileReferenceId="AdTesttenantExchange-OpenIdConnect" />
    <ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword" />
  </ClaimsExchanges>
</OrchestrationStep>
Fresh logon scenario works fine. But on subsequent logons, if the user used one of the social IDPs, they get an error like this:
It makes no sense. Why is B2C looking for LocalAccountSigninEmailExchange in step 4 when it's defined in step 3?
I tried asking MSFT support but so far they were no help (as usual). Maybe I can have more luck here.
I can provide an Application Insights trace if it's useful.
After over 4 months, MSFT support finally came up with a solution.
The error goes away if the ValidationClaimsExchangeId element is placed as the last element, like this:
<OrchestrationStep Order="3" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="Social1Exchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="Social2Exchange" />
    <ClaimsProviderSelection TargetClaimsExchangeId="AdTesttenantExchange" />
    <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
  </ClaimsProviderSelections>
  <ClaimsExchanges>
    <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
  </ClaimsExchanges>
</OrchestrationStep>
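As an added example (not part of the question or the answer, and not Microsoft tooling), a small Python lint that encodes the rule from the answer: in a CombinedSignInAndSignUp step the ValidationClaimsExchangeId selection must come last, its exchange must be defined in that same step, and every TargetClaimsExchangeId must be defined in the following step. The journey() builder and the BROKEN/FIXED samples are constructed here to mirror steps 3 and 4 above; it is a static check, not a reproduction of the runtime error.

```python
import xml.etree.ElementTree as ET


def _local(tag: str) -> str:
    """Strip the XML namespace (real policies use the cpim namespace, the snippet above has none)."""
    return tag.rsplit("}", 1)[-1]


def lint_combined_steps(policy_xml: str) -> list:
    """Return findings for every CombinedSignInAndSignUp step; an empty list means the journey passes."""
    root = ET.fromstring(policy_xml)
    steps = {int(s.get("Order")): s for s in root.iter() if _local(s.tag) == "OrchestrationStep"}
    findings = []
    for order, step in sorted(steps.items()):
        if step.get("Type") != "CombinedSignInAndSignUp":
            continue
        sels = [e for e in step.iter() if _local(e.tag) == "ClaimsProviderSelection"]
        own = {e.get("Id") for e in step.iter() if _local(e.tag) == "ClaimsExchange"}
        nxt = steps.get(order + 1)
        following = {e.get("Id") for e in nxt.iter() if _local(e.tag) == "ClaimsExchange"} if nxt is not None else set()
        for pos, sel in enumerate(sels, start=1):
            vid, tid = sel.get("ValidationClaimsExchangeId"), sel.get("TargetClaimsExchangeId")
            # Rule from the answer: the local-account (validation) selection must be the last one
            if vid and pos != len(sels):
                findings.append(f"step {order}: ValidationClaimsExchangeId selection at position {pos} of {len(sels)}, expected last")
            # A validation exchange is resolved inside the same step ...
            if vid and vid not in own:
                findings.append(f"step {order}: ValidationClaimsExchangeId '{vid}' has no ClaimsExchange in this step")
            # ... while a target exchange is resolved in the next step
            if tid and tid not in following:
                findings.append(f"step {order}: TargetClaimsExchangeId '{tid}' has no ClaimsExchange in step {order + 1}")
    return findings


def journey(selections: str) -> str:
    """Constructed minimal journey mirroring the question: step 3 (combined) and step 4 (exchanges)."""
    return (
        '<UserJourney Id="SignUpOrSignIn"><OrchestrationSteps>'
        '<OrchestrationStep Order="3" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">'
        f"<ClaimsProviderSelections>{selections}</ClaimsProviderSelections>"
        '<ClaimsExchanges><ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email"/></ClaimsExchanges>'
        "</OrchestrationStep>"
        '<OrchestrationStep Order="4" Type="ClaimsExchange"><ClaimsExchanges>'
        '<ClaimsExchange Id="Social1Exchange" TechnicalProfileReferenceId="Social1Exchange-OpenIdConnect"/>'
        '<ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword"/>'
        "</ClaimsExchanges></OrchestrationStep></OrchestrationSteps></UserJourney>"
    )


VALIDATION = '<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange"/>'
SOCIAL = '<ClaimsProviderSelection TargetClaimsExchangeId="Social1Exchange"/>'
FORGOT = '<ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange"/>'
BROKEN = journey(VALIDATION + FORGOT + SOCIAL)  # the question's ordering
FIXED = journey(FORGOT + SOCIAL + VALIDATION)   # the answer's ordering
```

Running lint_combined_steps(BROKEN) reports the misplaced validation selection, while lint_combined_steps(FIXED) returns an empty list.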