
Configure Azure Custom Policy For KeyCloak


I'm trying to configure an Azure B2C custom policy for SignUp-SignIn with KeyCloak SSO:

<ClaimsProvider>
  <Domain>mydomain.com</Domain>
  <DisplayName>SSO</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SSO-KK-OpenID">
      <DisplayName>My SSO</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <Item Key="ProviderName">https://mydomainurl.com</Item>
        <Item Key="METADATA">https://mydomainurl.com/auth/realms/myrealm/.well-known/openid-configuration</Item>
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
        <Item Key="client_id">myclientIdOnKeyCloak</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="domain_hint" DefaultValue="pippo" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="https://mydomainurl.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
      </OutputClaims>
      <CryptographicKeys>
        <Key Id="client_secret" StorageReferenceId="B2C_1A_MYKKSecret" />
      </CryptographicKeys>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

I've stored my secret in Policy Keys with key usage as Signature. But when I upload the file I obtain this error:

Validation failed: 1 validation error(s) found in policy "B2C_1A_TRUSTFRAMEWORKBASE" of tenant "mytenant.onmicrosoft.com".Schema validation error found at line 440 col 12 in policy "B2C_1A_TRUSTFRAMEWORKBASE" of tenant "mytenant.onmicrosoft.com": The element 'TechnicalProfile' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'CryptographicKeys' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'. List of possible elements expected: 'OutputClaimsTransformations, ValidationTechnicalProfiles, SubjectNamingInfo, Extensions, IncludeClaimsFromTechnicalProfile, IncludeTechnicalProfile, UseTechnicalProfileForSessionManagement, ErrorHandlers, EnabledForUserJourneys' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.Schema validation error found at line 440 col 12 in policy "B2C_1A_TRUSTFRAMEWORKBASE" of tenant "mytenant.onmicrosoft.com": The element 'TechnicalProfile' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'CryptographicKeys' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'. List of possible elements expected: 'OutputClaimsTransformations, ValidationTechnicalProfiles, SubjectNamingInfo, Extensions, IncludeClaimsFromTechnicalProfile, IncludeTechnicalProfile, UseTechnicalProfileForSessionManagement, ErrorHandlers, EnabledForUserJourneys' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.

I followed the instructions in the MS documentation and copied the Facebook ClaimsProvider for reference.


Solution

  • The error indicates the order of nodes is unexpected.

    Move the CryptographicKeys node between the Metadata and InputClaims nodes.

    Example: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-google?pivots=b2c-custom-policy#configure-google-as-an-identity-provider-1
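As an added example (not from the question or the answer), a small pre-upload check in Python that parses a policy, flags any TechnicalProfile child that appears earlier than the schema allows, and re-sorts the children; the expected order is only what this page shows (the posted elements, the answer's placement of CryptographicKeys, and the validator's "possible elements expected" list), and the wrapping TrustFrameworkPolicy root, the namespace from the error message, and the trimmed profile are constructed input.

```python
import xml.etree.ElementTree as ET
B2C_NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
# TechnicalProfile child order as far as this page shows it: the posted
# elements, the answer's CryptographicKeys placement, the validator's list.
EXPECTED_ORDER = ["DisplayName", "Protocol", "Metadata", "CryptographicKeys",
    "InputClaims", "OutputClaims", "OutputClaimsTransformations",
    "ValidationTechnicalProfiles", "SubjectNamingInfo", "Extensions",
    "IncludeClaimsFromTechnicalProfile", "IncludeTechnicalProfile",
    "UseTechnicalProfileForSessionManagement", "ErrorHandlers",
    "EnabledForUserJourneys"]
RANK = {name: i for i, name in enumerate(EXPECTED_ORDER)}
# Constructed input: the question's profile, trimmed, under the policy root and
# namespace the validator names in its error; CryptographicKeys is misplaced.
POSTED_XML = f"""<TrustFrameworkPolicy xmlns="{B2C_NS}"><ClaimsProviders><ClaimsProvider>
<TechnicalProfiles><TechnicalProfile Id="SSO-KK-OpenID">
  <DisplayName>My SSO</DisplayName><Protocol Name="OpenIdConnect" />
  <Metadata><Item Key="client_id">myclientIdOnKeyCloak</Item></Metadata>
  <InputClaims><InputClaim ClaimTypeReferenceId="domain_hint" DefaultValue="pippo" /></InputClaims>
  <OutputClaims><OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" /></OutputClaims>
  <CryptographicKeys><Key Id="client_secret" StorageReferenceId="B2C_1A_MYKKSecret" /></CryptographicKeys>
</TechnicalProfile></TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>"""

def local_name(tag):  # drop the {namespace} prefix ElementTree adds to tags
    return tag.rsplit("}", 1)[-1]
def profiles(root):
    return [e for e in root.iter() if local_name(e.tag) == "TechnicalProfile"]

def check_order(xml_text):  # -> (profile Id, element) pairs placed too early
    problems = []
    for tp in profiles(ET.fromstring(xml_text)):
        highest = -1
        for child in tp:
            rank = RANK.get(local_name(child.tag), -1)  # unlisted: ignored
            if 0 <= rank < highest:
                problems.append((tp.get("Id"), local_name(child.tag)))
            highest = max(highest, rank)
    return problems

def fix_order(xml_text):  # stable-sort each profile's children into EXPECTED_ORDER
    ET.register_namespace("", B2C_NS)
    root = ET.fromstring(xml_text)
    for tp in profiles(root):
        keys, last = [], 0
        for child in tp:  # unlisted elements keep their predecessor's rank
            last = RANK.get(local_name(child.tag), last)
            keys.append(last)
        ordered = [c for _, c in sorted(zip(keys, list(tp)), key=lambda p: p[0])]
        for child in ordered:
            tp.remove(child)
        tp.extend(ordered)
    return ET.tostring(root, encoding="unicode")
```

Running `check_order` on the posted profile reports CryptographicKeys as out of place; `fix_order` moves it directly after Metadata, which is the layout the answer describes.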