How to get an error log in Azure AD B2C tenant with correlation ID?

I have encountered a problem in creating a custom policy for Azure AD B2C authentication and would like to look in the detail of the server error with a correlation ID.

But, even if I'm logging into the B2C tenant in PowerShell via Connect-AzureAD -[hoge].onmicrosoft.com, when I hit Get-AzureRmLog, it requires me to log in to my Azure account of [fuga]@outlook.com (not the B2C tenant) and I cannot access the subscription in B2C.

So how can I investigate errors that occurred in the B2C tenant? Also, if there's a way to get it done without PowerShell, it'd be much better.

EDIT: The error seems to occur when I try signing in via the custom policy of the tenant. Below is the header showing the error.

kemakino Avatar asked Aug 10 '18 23:08





1 Answer

You can debug a custom policy by sending the log entries from Azure AD B2C to Azure Application Insights as described by Azure Active Directory B2C: Collecting Logs.

A log entry contains the correlation identifier.

Note that there is a short delay (less than five minutes) before the log entries are sent.

If you don't want to wait, then you can configure the custom policy with the following settings to send the log entries from Azure AD B2C via an ngrok endpoint to your local machine:

<TrustFrameworkPolicy
    PolicySchemaVersion="0.3.0.0"
    TenantId="***.onmicrosoft.com"
    PolicyId="B2C_1A_***"
    ...
    DeploymentMode="Development"
    UserJourneyRecorderEndpoint="https://***.ngrok.io"
    ... />

UPDATE: 4 April 2019

Unfortunately, support for sending the log entries to an HTTP endpoint has been deprecated, so you must use Azure Application Insights.

Chris Padgett Avatar answered Oct 13 '22 00:10
