azure-ad-b2c identity-experience-framework

Unable to upload policy, The element 'ClaimType' has invalid child element, expected: 'InputValidationReference, PredicateValidationReference'


When I try to upload the following claim it fails:

<ClaimType Id="my-claim">
    <DisplayName>My Claim</DisplayName>
    <DataType>string</DataType>
    <UserHelpText>some text</UserHelpText>
    <UserInputType>TextBox</UserInputType>
    <Restriction>
        <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="..." />
    </Restriction>
    <DefaultPartnerClaimTypes>
        <Protocol Name="OAuth2" PartnerClaimType="blah" />
        <Protocol Name="OpenIdConnect" PartnerClaimType="blah" />
    </DefaultPartnerClaimTypes>
</ClaimType>

With the following error:

Unable to upload policy. Reason : Validation failed: 1 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORK_BUILDINGBLOCKS" of tenant "mytenant.onmicrosoft.com".

Schema validation error found at line 172 col 10 in policy "B2C_1A_TRUSTFRAMEWORK_BUILDINGBLOCKS" of tenant "mytenant.onmicrosoft.com": The element 'ClaimType' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'DefaultPartnerClaimTypes' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.

List of possible elements expected: 'InputValidationReference, PredicateValidationReference' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.


If I move <DefaultPartnerClaimTypes> up a little, the policy uploads.

<ClaimType Id="my-claim">
    <DisplayName>My Claim</DisplayName>
    <DataType>string</DataType>
    <DefaultPartnerClaimTypes>
        <Protocol Name="OAuth2" PartnerClaimType="blah" />
        <Protocol Name="OpenIdConnect" PartnerClaimType="blah" />
    </DefaultPartnerClaimTypes> 
    <UserHelpText>some text</UserHelpText>
    <UserInputType>TextBox</UserInputType>
    <Restriction>
        <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="..." />
    </Restriction>
</ClaimType>

That doesn't seem "right" to me. The order of children of <ClaimType> shouldn't matter, right?

Is that order specified in the XSD file? (I heard I can configure VS Code to validate my XML against the XSD, I need to figure out how to do that...)


Solution

  • Yes, the "ClaimType" type requires the child elements to be appended in the declared sequence, as defined by the XML schema; otherwise it doesn't pass the schema validation.

    This also applies to all other types that are defined by this XML schema.
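
The ordering rule described in the answer, as an added example that is not part of the original answer and not the service's own validator: a small local pre-upload check that walks each ClaimType's children against a declared sequence and reports the first child that is out of order, together with the names that could still follow. The sequence below is an assumption reconstructed only from this page (the snippet that uploaded, plus the two names in the error message); the real XSD declares more children, and required/optional counts are not modelled.

```python
import xml.etree.ElementTree as ET

# Assumption: order reconstructed from this page only (the snippet that
# uploaded, plus the two names listed in the error). The real XSD declares
# more children; occurrence counts (required/optional) are not modelled.
CLAIMTYPE_SEQUENCE = [
    {"DisplayName"}, {"DataType"}, {"DefaultPartnerClaimTypes"},
    {"UserHelpText"}, {"UserInputType"}, {"Restriction"},
    {"InputValidationReference", "PredicateValidationReference"},
]

def local(tag):
    """Strip a '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_sequence(element, sequence=CLAIMTYPE_SEQUENCE):
    """Return None if children respect the sequence, else (child, expected)."""
    pos = 0  # first slot that may still be used; a sequence never moves back
    for child in element:
        name = local(child.tag)
        slot = next((i for i in range(pos, len(sequence)) if name in sequence[i]), None)
        if slot is None:
            # Same shape as the upload error: offending child + what may follow
            return name, sorted(n for s in sequence[pos:] for n in s)
        pos = slot + 1
    return None

def check_policy(xml_text):
    """Check every ClaimType in a policy document; return a list of findings."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        if local(el.tag) == "ClaimType":
            result = check_sequence(el)
            if result:
                findings.append((el.get("Id"), *result))
    return findings

# Constructed sample: child order of the page's two snippets, contents omitted.
SAMPLE = """<ClaimsSchema>
  <ClaimType Id="fails"><DisplayName/><DataType/><UserHelpText/><UserInputType/>
    <Restriction/><DefaultPartnerClaimTypes/></ClaimType>
  <ClaimType Id="uploads"><DisplayName/><DataType/><DefaultPartnerClaimTypes/>
    <UserHelpText/><UserInputType/><Restriction/></ClaimType>
</ClaimsSchema>"""

if __name__ == "__main__":
    for claim_id, child, expected in check_policy(SAMPLE):
        print(f"ClaimType '{claim_id}': invalid child '{child}', expected: {expected}")
```

Once Restriction has been seen, only the slots after it remain, which is why the upload error lists just 'InputValidationReference, PredicateValidationReference' as expected.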