From b0cd11c5522c4a40721af8eee24c6d11fc1ae73b Mon Sep 17 00:00:00 2001
From: Jason Paige
Date: Tue, 25 Nov 2025 12:03:07 +0000
Subject: [PATCH 1/5] Prod B2C Config
---
.../prod/B2C_1A_SignUpOrSignin.xml | 243 ++++++++
...Base.xml => B2C_1A_TrustFrameworkBase.xml} | 552 +++++++----------
.../prod/B2C_1A_TrustFrameworkExtensions.xml | 516 ++++++++++++++++
.../B2C_1A_TrustFrameworkLocalization.xml | 318 ++++++++++
b2c/custom_policies/prod/B2C_1A_UserInfo.xml | 23 +
b2c/custom_policies/prod/ProfileEdit.xml | 36 --
b2c/custom_policies/prod/SignUpOrSignin.xml | 75 ---
.../prod/TrustFrameworkExtensions.xml | 399 ------------
.../prod/TrustFrameworkLocalization.xml | 567 ------------------
9 files changed, 1302 insertions(+), 1427 deletions(-)
create mode 100644 b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml
rename b2c/custom_policies/prod/{TrustFrameworkBase.xml => B2C_1A_TrustFrameworkBase.xml} (71%)
create mode 100644 b2c/custom_policies/prod/B2C_1A_TrustFrameworkExtensions.xml
create mode 100644 b2c/custom_policies/prod/B2C_1A_TrustFrameworkLocalization.xml
create mode 100644 b2c/custom_policies/prod/B2C_1A_UserInfo.xml
delete mode 100644 b2c/custom_policies/prod/ProfileEdit.xml
delete mode 100644 b2c/custom_policies/prod/SignUpOrSignin.xml
delete mode 100644 b2c/custom_policies/prod/TrustFrameworkExtensions.xml
delete mode 100644 b2c/custom_policies/prod/TrustFrameworkLocalization.xml
diff --git a/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml
new file mode 100644
index 00000000..0fcecdd0
--- /dev/null
+++ b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml
@@ -0,0 +1,243 @@ + + + + hmctsprodextid.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + + + + + + + + + + + + + + + + + objectId + SkipThisOrchestrationStep + + + + + + + + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + + + + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + objectId + 647ef962-b03f-40fa-b9a0-df5243bc8334 + SkipThisOrchestrationStep + + + + + + + + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + otpVerified + true + SkipThisOrchestrationStep + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Absolute + 3600 + + Allow + + + PolicyProfile + + + + + + + + + + + + + diff --git a/b2c/custom_policies/prod/TrustFrameworkBase.xml b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkBase.xml similarity index 71% rename from b2c/custom_policies/prod/TrustFrameworkBase.xml rename to b2c/custom_policies/prod/B2C_1A_TrustFrameworkBase.xml index e87198de..9c2e91d3 100644 --- a/b2c/custom_policies/prod/TrustFrameworkBase.xml +++ b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkBase.xml @@ -1,4 +1,4 @@ - + @@ -28,17 +29,13 @@ - Username string TextBox - + @@ -102,10 +99,7 @@ Enter new password Password - + @@ -129,10 +123,7 @@ Confirm new password Password - + @@ -236,10 +227,7 @@ Email address that can be used to contact you. TextBox - + 
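Review bot: The new B2C_1A_SignUpOrSignin.xml journey carries a precondition that compares `objectId` with the literal `647ef962-b03f-40fa-b9a0-df5243bc8334` and then applies `SkipThisOrchestrationStep`, so one directory object appears to be exempted from a step by its ID in the production policy. The element names are not visible in this rendering, so which step is skipped is inferred; judging by the neighbouring `otpVerified` precondition it looks like part of the email-code verification. If the exemption is intended, I would add an XML comment on that precondition naming the account, the reason and an owner, for example `<!-- objectId 647ef962-…: <ACCOUNT PURPOSE>, exempt from <STEP> because <REASON> -->`, and consider driving it from a claim or group membership rather than a hard-coded ID. An undocumented per-account skip in a sign-in journey is hard to audit and easy to leave behind when the account is retired.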
@@ -285,29 +273,19 @@ - - + + refreshTokenIssuedOnDateTime string - Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. - Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. + Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. + Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. refreshTokensValidFromDateTime string - Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. - Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. - - - - isSignUp - boolean - Whether the user is signing up rather than signing in + Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. + Used to determine if the user should be permitted to reauthenticate silently via their existing refresh token. 
@@ -315,36 +293,31 @@ nca string - Special parameter passed for local account authentication to login.microsoftonline.com. + Special parameter passed for local account authentication to login.microsoftonline.com. grant_type string - Special parameter passed for local account authentication to login.microsoftonline.com. + Special parameter passed for local account authentication to login.microsoftonline.com. scope string - Special parameter passed for local account authentication to login.microsoftonline.com. + Special parameter passed for local account authentication to login.microsoftonline.com. objectIdFromSession boolean - Parameter provided by the default session management provider to indicate that the object id has been retrieved from an SSO session. + Parameter provided by the default session management provider to indicate that the object id has been retrieved from an SSO session. isActiveMFASession boolean - Parameter provided by the MFA session management to indicate that the user has an active MFA session. + Parameter provided by the MFA session management to indicate that the user has an active MFA session. @@ -447,10 +420,7 @@ - + @@ -511,6 +481,15 @@ + + ~/tenant/templates/AzureBlue/multifactor-1.0.0.cshtml + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5 + + Multi-factor authentication page + + + ~/tenant/templates/AzureBlue/selfAsserted.cshtml ~/common/default_page_error.html @@ -577,7 +556,6 @@ Local Account SignIn - Local Account SignIn @@ -604,9 +582,9 @@ - - - + + + @@ -614,16 +592,43 @@ + + PhoneFactor + + + PhoneFactor + + + api.phonefactor + true + + + + + + + + + + + + + + + + + + + + + Azure Active Directory Azure Active Directory - + @@ -635,7 +640,69 @@ + + + Write + true + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Read + true + + + + + + + + + + + + + + + + + + + + false + + + @@ -651,15 +718,14 @@ - - - + + + + + - - + + @@ -690,7 +756,7 @@ - + 
@@ -716,10 +782,7 @@ - + @@ -742,14 +805,11 @@ - + - - + + @@ -771,10 +831,10 @@ - + - - + + @@ -791,10 +851,7 @@ - + @@ -808,13 +865,9 @@ User ID signup - + api.socialccountsignup - false @@ -825,9 +878,9 @@ these values, or if the claim did not appear in the OutputClaims section of the IDP. In addition, if a claim is not in the InputClaims section, but it is in the OutputClaims section, then its value will not be prefilled, but the user will still be prompted for it (with an empty value). --> - - - + + + - - - + + + + + + User ID signup - + api.selfasserted.profileupdate - false false @@ -864,8 +916,8 @@ - - + + @@ -873,8 +925,8 @@ - - + + @@ -896,7 +948,6 @@ IpAddress api.localaccountsignup - false @@ -914,11 +965,10 @@ - - - - - + + + + @@ -929,24 +979,16 @@ Local Account Signin - + SignUpWithLogonEmailExchange Email api.localaccountsignin true - false false - + @@ -964,14 +1006,10 @@ read from the directory. --> Reset password using email address - + IpAddress api.localaccountpasswordreset - false @@ -993,13 +1031,9 @@ Change password (username) - + api.localaccountpasswordreset - false @@ -1027,21 +1061,12 @@ Noop Session Management Provider - + Session Mananagement Provider - - - false - + @@ -1062,10 +1087,7 @@ Session Mananagement Provider - + true @@ -1076,10 +1098,7 @@ Session Mananagement Provider - + @@ -1091,10 +1110,7 @@ Session Management Provider - + 
@@ -1134,203 +1150,44 @@ - - - Refresh token journey - - - Trustframework Policy Engine Refresh Token Setup Technical Profile - - - - - - - - + + + Refresh token journey + + + Trustframework Policy Engine Refresh Token Setup Technical Profile + + + + + + + + - - - - - - - - - - - - + + + + + + + + + + + + - - - - - - - - - - - - - - - - - objectId - SkipThisOrchestrationStep - - - - - - - - - - - - - objectId - SkipThisOrchestrationStep - - - - - - - - - - - - authenticationSource - socialIdpAuthentication - SkipThisOrchestrationStep - - - - - - - - - - - - - objectId - cd2ef111-05a1-41b7-a576-f2f05a6ffcd0 - SkipThisOrchestrationStep - - - isActiveMFASession - SkipThisOrchestrationStep - - - - - - - - - - newPhoneNumberEntered - SkipThisOrchestrationStep - - - - - - - - - - - - - - - - - - - - - - - - - - - - - authenticationSource - socialIdpAuthentication - SkipThisOrchestrationStep - - - - - - - - - - - - - - - - - - - - - false @@ -1344,10 +1201,7 @@ - + @@ -1356,6 +1210,4 @@ - - - + \ No newline at end of file diff --git a/b2c/custom_policies/prod/B2C_1A_TrustFrameworkExtensions.xml b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkExtensions.xml new file mode 100644 index 00000000..af9a1426 --- /dev/null +++ b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkExtensions.xml 
@@ -0,0 +1,516 @@ + + + + + hmctsprodextid.onmicrosoft.com + B2C_1A_TrustFrameworkLocalization + + + + + + Email Address + string + + + + + + + Verification Code + string + Enter the code we emailed you. + TextBox + + + + + + + + isForgotPassword + boolean + Whether the user clicked Forgot your password + + + + isSignUp + boolean + Whether the user is signing up rather than signing in + + + + OTP Verified + boolean + + + + string + + + string + + + string + + + + boolean + + + + + + + + + + + + + + + + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1 + + ForgotPasswordExchange + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.9 + + Signin and Signup + Sign up + false + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 + + hello? 
+ Collect information from user page + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 + + Local account sign up page + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 + + Local account change password page + + + + https://presaprod.blob.core.windows.net/pre-b2c-container/template.html + ~/common/default_page_error.html + urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 + + Collect information from user page + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Local Account + + + + + Local Account Sign-in + + api.localaccountsignin + Sign in + false + ForgotPasswordExchange + false + + false + + + + + + + + + + + + + + + + + + Forgot your password? + + + + + + + + + + IpAddress + api.localaccountsignup + false + + + + + + + + + + + + + + + + + + + + + + Change password + + + api.selfasserted + Save new password + false + + + + + + + Reset password using email address (no Microsoft email) + + + IpAddress + api.localaccountpasswordreset + false + + false + + + + + + + + + + + + + + + + + + + Email Verification + + + + Generate Code + + + GenerateCode + 600 + 6 + 0-9 + 10 + 10 + true + + + + + + + + + + + Send Email Verification Code + + + https://sds-api-mgmt.staging.platform.hmcts.net/pre-api-b2c/b2c/email-verification + + Body + Bearer + bearerToken + false + true + + + + + + + + + + + + Enter Verification Code + + + api.selfasserted + false + 10 + false + Verify code + Something something {email} + The verification code you entered is incorrect or expired. + Please try again. 
+ + A verification code has been sent to {email} + A verification code has been sent to {email} + + + + + + + + + + + + + + + + + + + Verify Code + + + VerifyCode + You have not requested a verification code. + You have exceeded the maximum number of verification attempts. + The verification code you entered is incorrect. Please try again. + Unable to verify the code at this time. + The verification code you entered is incorrect. Please try again. + + + + + + + + + + + + Acquire access token (client credentials) + + + + + https://login.microsoftonline.com/531ff96d-0ae9-462a-8d2d-bec7c0b42082/oauth2/v2.0/token + + Form + Basic + false + + + + + + + + + + + + + + + + + + + + + + Token Issuer + + + + + JSON Issuer + + JSON + + + + + + + + + + + + + UserInfo Authorization + + JWT + + https://hmctsprodextid.b2clogin.com/0f878b1e-f234-49e3-8be4-f8028cd364f2/v2.0/ + [ "22222222-2222-2222-2222-222222222222", + "33333333-3333-3333-3333-333333333333" ] + + urn:ietf:params:oauth:client-assertion-type:jwt-bearer + + + + + + + + + + + + + bc77d15c-5991-44b5-93b9-303f5dce8df2 + 286718f3-dd4d-4cef-af64-8d2efba605e8 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + objectId + SkipThisOrchestrationStep + + + + + + + + + + + + + + + diff --git a/b2c/custom_policies/prod/B2C_1A_TrustFrameworkLocalization.xml b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkLocalization.xml new file mode 100644 index 00000000..f80d74e1 --- /dev/null +++ b/b2c/custom_policies/prod/B2C_1A_TrustFrameworkLocalization.xml 
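Review bot: The "Send Email Verification Code" technical profile in the new prod/B2C_1A_TrustFrameworkExtensions.xml calls `https://sds-api-mgmt.staging.platform.hmcts.net/pre-api-b2c/b2c/email-verification`, a staging host, while the rest of the file targets the `hmctsprodextid` tenant; unless that is deliberate, production email addresses and verification codes would be posted to the staging API. The same profile's metadata ends in a `false` and a `true` whose keys are not visible in this rendering; if the `true` is the debug flag, it should be off in a production policy. The "UserInfo Authorization" profile still lists `22222222-2222-2222-2222-222222222222` and `33333333-3333-3333-3333-333333333333` as its audience, which look like template placeholders rather than registered application IDs, so the audience check on the UserInfo token should be confirmed against the real client IDs. The strings `hello?` and `Something something {email}` also remain in the page metadata and should be replaced or removed before this is uploaded.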
@@ -0,0 +1,318 @@ + + + + + hmctsprodextid.onmicrosoft.com + B2C_1A_TrustFrameworkBase + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + en + + + + + Email Address + Sign in + Sign in with your social account + Sign in + Password + Please enter your password + Please enter your {0} + Please enter a valid {0} + Sign up now + Sign up with {0} or {1} + Sign up with {0}, {1}, or {2} + Forgot your password? + Sign in + OR + Don't have an account? + We are having trouble signing you in. Please try again later. + + Facebook + Incorrect email or password. + Incorrect email or password. + Your password has expired. + Incorrect email or password. + Looks like you used an old password. + Invalid username or password. + Your account has been locked. Contact your support person to unlock it, then try again. + Your account is temporarily locked to prevent unauthorized use. Try again later. + There are too many requests at this moment. Please wait for some time and try again. + + + + + + + Email Address + Email address that can be used to contact you. + Please enter a valid email address. + New Password + Enter new password + 8 or more character, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . + Confirm New Password + Confirm new password + 8 or more character, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . + Display Name + Your display name. + Surname + Your surname (also known as family name or last name). + Given Name + Your given name (also known as first name). + Create + One or more fields are filled out incorrectly. Please check your entries and try again. + The password entry fields do not match. 
Please enter the same password in both fields and try again. + A required field is missing. Please fill out all required fields and try again. + What is this? + Please provide the following details. + Please wait + This information is required. + Cancel + Change e-mail + Send new code + Send verification code + Verify code + That code is expired. Please request a new code. + You've made too many incorrect attempts. Please try again later. + That code is incorrect. Please try again. + We are having trouble verifying your email address. Please enter a valid email address and try again. + There have been too many requests to verify this email address. Please wait a while, then try again. + Verification code has been sent to your inbox. Please copy it to the input box below. + Verification code + Verification is necessary. Please click Send button. + E-mail address verified. You can now continue. + There are too many requests at this moment. Please wait for some time and try again. + {0} has not been verified + There is an issue with your credentials, or you are already registered. Please check and retry.. + Incorrect pattern for: {0} + {0} has invalid input. + Missing required element: {0} + Error in validation by: {0} + + + + + + + Email Address + Email address that can be used to contact you. + Please enter a valid email address. + Display Name + Your display name. + Surname + Your surname (also known as family name or last name). + Given Name + Your given name (also known as first name). + Create + Cancel + You are already registered, please press the back button and sign in instead. + + + + + + + Email Address + Email address that can be used to contact you. + Please enter a valid email address. + New Password + Enter new password + 8 or more character, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . 
+ Confirm New Password + Confirm new password + 8 or more character, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . + The password entry fields do not match. Please enter the same password in both fields and try again. + One or more fields are filled out incorrectly. Please check your entries and try again. + Send verification code + Cancel + Incorrect email or password. + Your account has been locked. Contact your support person to unlock it, then try again. + This information is required. + Change e-mail + Send new code + Save new password + Verify code + That code is expired. Please request a new code. + You've made too many incorrect attempts. Please try again later. + That code is incorrect. Please try again. + We are having trouble verifying your email address. Please enter a valid email address and try again. + There have been too many requests to verify this email address. Please wait a while, then try again. + Verification code has been sent to your inbox. Please copy it to the input box below. + Verification code + Verification is necessary. Please click Send button. + E-mail address verified. You can now continue. + There are too many requests at this moment. Please wait for some time and try again. + {0} has not been verified + There is an issue with your credentials, or you are already registered. Please check and retry.. + Incorrect pattern for: {0} + {0} has invalid input. + Missing required element: {0} + Error in validation by: {0} + + + + + + + Sign in + Local Account Signin + Facebook + + + + + + + Email Address + Password + Continue + Cancel + Incorrect email or password. + Incorrect email or password. + Your password has expired. + Incorrect email or password. + Looks like you used an old password. + Invalid username or password. + Your account has been locked. 
Contact your support person to unlock it, then try again. + Your account is temporarily locked to prevent unauthorized use. Try again later. + There are too many requests at this moment. Please wait for some time and try again. + + + + + + + Display Name + Your display name. + Surname + Your surname (also known as family name or last name). + Given Name + Your given name (also known as first name). + Continue + Cancel + + + + + + + + Call Me + Country Code + The user has canceled multi-factor authentication + Send a new code + \d{6} + We have the following number on record for you. We can send a code via SMS or phone to authenticate you. + We have the following numbers on record for you. Choose a number that we can phone or send a code via SMS to authenticate you. + Verify Code + Please enter the verification code you received + Please enter the code you received + Cancel + Phone number + Retry + I don't have my phone + We have the following numbers on record for you. Choose a number that we can phone to authenticate you. + We have the following number on record for you. We will phone to authenticate you. + Enter your verification code below, or + Enter a number below that we can phone to authenticate you. + Enter a number below that we can send a code via SMS to authenticate you. + Send Code + Please enter a valid phone number + We have the following number on record for you. We will send a code via SMS to authenticate you. + Enter a number below that we can send a code via SMS or phone to authenticate you. + ^\+(?:[0-9][\x20-]?){6,14}[0-9]$ + We have the following numbers on record for you. Choose a number that we can send a code via SMS to authenticate you. + Please select your country code + Please enter your phone number + Country or region + Phone Number + The phone number you provided is busy or unavailable. Please check the number and try again. + You hit the limit on the number of text messages. Try again shortly. 
+ You hit the limit on the number of call attempts. Try again shortly. + You hit the limit on the number of verification attempts. Try again shortly. + The verification code you have entered does not match our records. Please try again, or request a new code. + {"DEFAULT":"Country/Region","AF":"Afghanistan","AX":"Åland Islands","AL":"Albania","DZ":"Algeria","AS":"American Samoa","AD":"Andorra","AO":"Angola","AI":"Anguilla","AQ":"Antarctica","AG":"Antigua and Barbuda","AR":"Argentina","AM":"Armenia","AW":"Aruba","AU":"Australia","AT":"Austria","AZ":"Azerbaijan","BS":"Bahamas","BH":"Bahrain","BD":"Bangladesh","BB":"Barbados","BY":"Belarus","BE":"Belgium","BZ":"Belize","BJ":"Benin","BM":"Bermuda","BT":"Bhutan","BO":"Bolivia","BQ":"Bonaire","BA":"Bosnia and Herzegovina","BW":"Botswana","BV":"Bouvet Island","BR":"Brazil","IO":"British Indian Ocean Territory","VG":"British Virgin Islands","BN":"Brunei","BG":"Bulgaria","BF":"Burkina Faso","BI":"Burundi","CV":"Cabo Verde","KH":"Cambodia","CM":"Cameroon","CA":"Canada","KY":"Cayman Islands","CF":"Central African Republic","TD":"Chad","CL":"Chile","CN":"China","CX":"Christmas Island","CC":"Cocos (Keeling) Islands","CO":"Colombia","KM":"Comoros","CG":"Congo","CD":"Congo (DRC)","CK":"Cook Islands","CR":"Costa Rica","CI":"Côte d'Ivoire","HR":"Croatia","CU":"Cuba","CW":"Curaçao","CY":"Cyprus","CZ":"Czech Republic","DK":"Denmark","DJ":"Djibouti","DM":"Dominica","DO":"Dominican Republic","EC":"Ecuador","EG":"Egypt","SV":"El Salvador","GQ":"Equatorial Guinea","ER":"Eritrea","EE":"Estonia","ET":"Ethiopia","FK":"Falkland Islands","FO":"Faroe Islands","FJ":"Fiji","FI":"Finland","FR":"France","GF":"French Guiana","PF":"French Polynesia","TF":"French Southern Territories","GA":"Gabon","GM":"Gambia","GE":"Georgia","DE":"Germany","GH":"Ghana","GI":"Gibraltar","GR":"Greece","GL":"Greenland","GD":"Grenada","GP":"Guadeloupe","GU":"Guam","GT":"Guatemala","GG":"Guernsey","GN":"Guinea","GW":"Guinea-Bissau","GY":"Guyana","HT":"Haiti","HM":"Heard 
Island and McDonald Islands","HN":"Honduras","HK":"Hong Kong SAR","HU":"Hungary","IS":"Iceland","IN":"India","ID":"Indonesia","IR":"Iran","IQ":"Iraq","IE":"Ireland","IM":"Isle of Man","IL":"Israel","IT":"Italy","JM":"Jamaica","JP":"Japan","JE":"Jersey","JO":"Jordan","KZ":"Kazakhstan","KE":"Kenya","KI":"Kiribati","KR":"Korea","KW":"Kuwait","KG":"Kyrgyzstan","LA":"Laos","LV":"Latvia","LB":"Lebanon","LS":"Lesotho","LR":"Liberia","LY":"Libya","LI":"Liechtenstein","LT":"Lithuania","LU":"Luxembourg","MO":"Macao SAR","MK":"North Macedonia","MG":"Madagascar","MW":"Malawi","MY":"Malaysia","MV":"Maldives","ML":"Mali","MT":"Malta","MH":"Marshall Islands","MQ":"Martinique","MR":"Mauritania","MU":"Mauritius","YT":"Mayotte","MX":"Mexico","FM":"Micronesia","MD":"Moldova","MC":"Monaco","MN":"Mongolia","ME":"Montenegro","MS":"Montserrat","MA":"Morocco","MZ":"Mozambique","MM":"Myanmar","NA":"Namibia","NR":"Nauru","NP":"Nepal","NL":"Netherlands","NC":"New Caledonia","NZ":"New Zealand","NI":"Nicaragua","NE":"Niger","NG":"Nigeria","NU":"Niue","NF":"Norfolk Island","KP":"North Korea","MP":"Northern Mariana Islands","NO":"Norway","OM":"Oman","PK":"Pakistan","PW":"Palau","PS":"Palestinian Authority","PA":"Panama","PG":"Papua New Guinea","PY":"Paraguay","PE":"Peru","PH":"Philippines","PN":"Pitcairn Islands","PL":"Poland","PT":"Portugal","PR":"Puerto Rico","QA":"Qatar","RE":"Réunion","RO":"Romania","RU":"Russia","RW":"Rwanda","BL":"Saint Barthélemy","KN":"Saint Kitts and Nevis","LC":"Saint Lucia","MF":"Saint Martin","PM":"Saint Pierre and Miquelon","VC":"Saint Vincent and the Grenadines","WS":"Samoa","SM":"San Marino","ST":"São Tomé and Príncipe","SA":"Saudi Arabia","SN":"Senegal","RS":"Serbia","SC":"Seychelles","SL":"Sierra Leone","SG":"Singapore","SX":"Sint Maarten","SK":"Slovakia","SI":"Slovenia","SB":"Solomon Islands","SO":"Somalia","ZA":"South Africa","GS":"South Georgia and South Sandwich Islands","SS":"South Sudan","ES":"Spain","LK":"Sri Lanka","SH":"St Helena, Ascension, Tristan da 
Cunha","SD":"Sudan","SR":"Suriname","SJ":"Svalbard","SZ":"Swaziland","SE":"Sweden","CH":"Switzerland","SY":"Syria","TW":"Taiwan","TJ":"Tajikistan","TZ":"Tanzania","TH":"Thailand","TL":"Timor-Leste","TG":"Togo","TK":"Tokelau","TO":"Tonga","TT":"Trinidad and Tobago","TN":"Tunisia","TR":"Turkey","TM":"Turkmenistan","TC":"Turks and Caicos Islands","TV":"Tuvalu","UM":"U.S. Outlying Islands","VI":"U.S. Virgin Islands","UG":"Uganda","UA":"Ukraine","AE":"United Arab Emirates","GB":"United Kingdom","US":"United States","UY":"Uruguay","UZ":"Uzbekistan","VU":"Vanuatu","VA":"Vatican City","VE":"Venezuela","VN":"Vietnam","WF":"Wallis and Futuna","YE":"Yemen","ZM":"Zambia","ZW":"Zimbabwe"} + The phone number you provided is unreachable. + User has exceeded the number of retry attempts. + Verification code + Phone Number + + + + + + + + \ No newline at end of file diff --git a/b2c/custom_policies/prod/B2C_1A_UserInfo.xml b/b2c/custom_policies/prod/B2C_1A_UserInfo.xml new file mode 100644 index 00000000..9edf7ce3 --- /dev/null +++ b/b2c/custom_policies/prod/B2C_1A_UserInfo.xml @@ -0,0 +1,23 @@ + + + + + hmctsprodextid.onmicrosoft.com + B2C_1A_TrustFrameworkExtensions + + + + + + + + diff --git a/b2c/custom_policies/prod/ProfileEdit.xml b/b2c/custom_policies/prod/ProfileEdit.xml deleted file mode 100644 index d39e76d0..00000000 --- a/b2c/custom_policies/prod/ProfileEdit.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - hmctsprodextid.onmicrosoft.com - B2C_1A_TrustFrameworkExtensions - - - - - Absolute - 3600 - Allow - - - PolicyProfile - - - - - - - - - diff --git a/b2c/custom_policies/prod/SignUpOrSignin.xml b/b2c/custom_policies/prod/SignUpOrSignin.xml deleted file mode 100644 index 82d0d0d8..00000000 --- a/b2c/custom_policies/prod/SignUpOrSignin.xml +++ /dev/null 
@@ -1,75 +0,0 @@ - - - hmctsprodextid.onmicrosoft.com - B2C_1A_TrustFrameworkExtensions - - - - - - - - - - - - - - - cjsm.net email addresses and shared email addresses, i.e. ones not specific to you (e.g. admin, support etc.), are not supported. Please enter a valid email address. - - - - - - - - - - - - - - - Absolute - 3600 - Allow - - - PolicyProfile - - - - - - - - - - - - - - - - diff --git a/b2c/custom_policies/prod/TrustFrameworkExtensions.xml b/b2c/custom_policies/prod/TrustFrameworkExtensions.xml deleted file mode 100644 index 312bb5c4..00000000 --- a/b2c/custom_policies/prod/TrustFrameworkExtensions.xml +++ /dev/null 
@@ -1,399 +0,0 @@ - - - - - hmctsprodextid.onmicrosoft.com - B2C_1A_TrustFrameworkLocalization - - - - - - isForgotPassword - boolean - Whether the user has selected Forgot your Password - - - Email Address - string - - Readonly - - - - - - - - - - - - - - - - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1 - - ForgotPasswordExchange - - - - ~/tenant/templates/AzureBlue/idpSelector.cshtml - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1 - - Idp selection page - Sign in - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1 - - Idp selection page - Sign up - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5 - - Signin and Signup - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 - - Collect information from user page - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 - - Collect information from user page - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 - - Local account sign up page - - - - https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 - - Local account change password page - - - - 
https://presaprod.blob.core.windows.net/pre-b2c-container/template.html - ~/common/default_page_error.html - urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7 - - Collect information from user page - - - - - - - - Local Account - - - Forgot your password? - - - - - - - - - ForgotPasswordExchange - false - - - - - - - - - - - - - Token Issuer - - - JSON Issuer - - JSON - - - - - - - - - - - - - - UserInfo authorization - - JWT - - - - https://hmctsprodextid.b2clogin.com/0f878b1e-f234-49e3-8be4-f8028cd364f2/v2.0/ - [ "22222222-2222-2222-2222-222222222222", "33333333-3333-3333-3333-333333333333" ] - urn:ietf:params:oauth:client-assertion-type:jwt-bearer - - - - - - - - - - - - - - bc77d15c-5991-44b5-93b9-303f5dce8df2 - 286718f3-dd4d-4cef-af64-8d2efba605e8 - - - - - - - - - - Validate Email on Sign In - - - - - - - - EmailVerifyOnSignIn - - - api.selfasserted - false - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - objectId - SkipThisOrchestrationStep - - - - - - - - - - - - isForgotPassword - SkipThisOrchestrationStep - - - - - - - - - - - - objectId - ea7978c4-da9a-42ae-ad9e-c5a93e7fa46d - SkipThisOrchestrationStep - - - objectId - 72778f3e-e09a-4711-96bf-c93dd8ef9a5a - SkipThisOrchestrationStep - - - isForgotPassword - SkipThisOrchestrationStep - - - isSignUp - SkipThisOrchestrationStep - - - - - - - - - - - - - objectId - SkipThisOrchestrationStep - - - - - - - - - - - - authenticationSource - socialIdpAuthentication - SkipThisOrchestrationStep - - - - - - - - - - - - - - - - - - - - - - - objectId - SkipThisOrchestrationStep - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/b2c/custom_policies/prod/TrustFrameworkLocalization.xml b/b2c/custom_policies/prod/TrustFrameworkLocalization.xml deleted file mode 100644 index 1e384a03..00000000 --- a/b2c/custom_policies/prod/TrustFrameworkLocalization.xml +++ /dev/null 
@@ -1,567 +0,0 @@ - - - hmctsprodextid.onmicrosoft.com - B2C_1A_TrustFrameworkBase - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - en - - - - Email Address - Sign in - Sign in - Password - Please enter your password - Please enter your {0} - Please enter a valid {0} - Sign up now - Sign up with {0} or {1} - Sign up with {0}, {1}, or {2} - Forgot your password? - Sign in - Don't have an account? - We are having trouble signing you in. Please try again later. - - Facebook - Incorrect email or password. - Incorrect email or password. - Your password has expired. - Incorrect email or password. - Looks like you used an old password. - Invalid username or password. - Your account has been locked. Contact your support person to unlock it, then try again. - Your account is temporarily locked to prevent unauthorized use. Try again later. - There are too many requests at this moment. Please wait for some time and try again. - - - - - - Email Address - Email address that can be used to contact you. - Please enter a valid email address. - Password - Enter new password - 8 or more characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . - Confirm Password - Confirm new password - 8 or more characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . - Display Name - Your display name. - Surname - Your surname (also known as family name or last name). - Given Name - Your given name (also known as first name). - Create - One or more fields are filled out incorrectly. Please check your entries and try again. - The password entry fields do not match. Please enter the same password in both fields and try again. 
- A required field is missing. Please fill out all required fields and try again. - What is this? - Please provide the following details. - Please wait - This information is required. - Cancel - Change e-mail - Send new code - Send verification code - Verify code - That code is expired. Please request a new code. - You've made too many incorrect attempts. Please try again later. - That code is incorrect. Please try again. - We are having trouble verifying your email address. Please enter a valid email address and try again. - There have been too many requests to verify this email address. Please wait a while, then try again. - Verification code has been sent to your inbox. Please copy it to the input box below. - Verification code - Verification is necessary. Please click Send button. - E-mail address verified. You can now continue. - There are too many requests at this moment. Please wait for some time and try again. - {0} has not been verified - There is an issue with your credentials, or you are already registered. Please check and retry. - Incorrect pattern for: {0} - {0} has invalid input. - Missing required element: {0} - Error in validation by: {0} - - - - - - You are already registered, please press the back button and sign in instead. - - - - - - Email Address - Email address that can be used to contact you. - Please enter a valid email address. - New Password - Enter new password - 8 or more characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . - Confirm New Password - Confirm new password - 8 or more characters, containing 3 out of 4 of the following: Lowercase characters, uppercase characters, digits (0-9), and one or more of the following symbols: @ # $ % ^ & * - _ + = [ ] { } | \ : ' , ? / ` ~ " ( ) ; . - The password entry fields do not match. 
Please enter the same password in both fields and try again. - One or more fields are filled out incorrectly. Please check your entries and try again. - Continue - Cancel - An account could not be found for the provided user ID. - Your account has been locked. Contact your support person to unlock it, then try again. - This information is required. - Change e-mail - Send new code - Send verification code - Verify code - That code is expired. Please request a new code. - You've made too many incorrect attempts. Please try again later. - That code is incorrect. Please try again. - We are having trouble verifying your email address. Please enter a valid email address and try again. - There have been too many requests to verify this email address. Please wait a while, then try again. - Verification code has been sent to your inbox. Please copy it to the input box below. - Verification code - Verification is necessary. Please click Send button. - E-mail address verified. You can now continue. - There are too many requests at this moment. Please wait for some time and try again. - {0} has not been verified - There is an issue with your credentials, or you are already registered. Please check and retry. - Incorrect pattern for: {0} - {0} has invalid input. - Missing required element: {0} - Error in validation by: {0} - - - - - - Sign in - Local Account Signin - Facebook - - - - - - Email Address - Password - Continue - Cancel - Incorrect email or password. - Incorrect email or password. - Your password has expired. - Incorrect email or password. - Looks like you used an old password. - Invalid username or password. - Your account has been locked. Contact your support person to unlock it, then try again. - Your account is temporarily locked to prevent unauthorized use. Try again later. - There are too many requests at this moment. Please wait for some time and try again. - - - - - - Display Name - Your display name. 
- Surname - Your surname (also known as family name or last name). - Given Name - Your given name (also known as first name). - Continue - Cancel - - - - - - From f5511cb8d8dd0ee6fb2b19ddecd1357dc482319e Mon Sep 17 00:00:00 2001 From: Jason Paige Date: Tue, 25 Nov 2025 13:35:06 +0000 Subject: [PATCH 2/5] allow pipeline to be run on prod --- .github/workflows/b2c_custom_policiesV2.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/b2c_custom_policiesV2.yml b/.github/workflows/b2c_custom_policiesV2.yml index 46fd18a9..c13f3d0a 100644 --- a/.github/workflows/b2c_custom_policiesV2.yml +++ b/.github/workflows/b2c_custom_policiesV2.yml @@ -13,6 +13,7 @@ on: - stg - test - demo + - prod jobs: build-and-deploy: From e3e0d32209ea3b55e348acff0ceeec59ab8c99a9 Mon Sep 17 00:00:00 2001 From: Jason Paige Date: Wed, 26 Nov 2025 11:57:04 +0000 Subject: [PATCH 3/5] Different naming convention for prod apim --- b2c/custom_policies/demo/B2C_1A_TrustFrameworkExtensions.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/b2c/custom_policies/demo/B2C_1A_TrustFrameworkExtensions.xml b/b2c/custom_policies/demo/B2C_1A_TrustFrameworkExtensions.xml index 5c6637a6..3776bbac 100644 --- a/b2c/custom_policies/demo/B2C_1A_TrustFrameworkExtensions.xml +++ b/b2c/custom_policies/demo/B2C_1A_TrustFrameworkExtensions.xml @@ -311,7 +311,7 @@ - https://sds-api-mgmt.staging.platform.hmcts.net/pre-api-b2c/b2c/email-verification + https://sds-api-mgmt.platform.hmcts.net/pre-api-b2c/b2c/email-verification Body Bearer From 722fa5c87a74317e3c5c9bb14cff2edca36605c8 Mon Sep 17 00:00:00 2001 
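Review bot: Adding `prod` to the environment choices makes the production B2C policies deployable from a manual dispatch, and nothing visible in this hunk gates that path. The `build-and-deploy` job body starts after the hunk, so it may already do this. If it does not, bind the job to a protected environment with required reviewers for prod, e.g. `environment: ${{ inputs.<ENV_INPUT_NAME> }}`, and restrict prod runs to the default branch. A one-line comment next to the option, such as `# prod: requires environment approval`, would record the expectation for the next editor.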
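Review bot: The email-verification URL in the demo policy now points at `sds-api-mgmt.platform.hmcts.net`, dropping the `staging` label, while the commit subject says the naming change is for prod APIM. If that host is the production API Management instance, the demo tenant's call, which the context lines suggest is sent with a bearer credential, would reach production. Confirm that is intended, or move the change to `prod/B2C_1A_TrustFrameworkExtensions.xml`. A comment above the URL such as `<!-- demo calls the <INSTANCE_NAME> APIM instance -->` would make the intended pairing explicit. The enclosing technical profile starts and ends outside the hunk.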
From: Jason Paige Date: Wed, 3 Dec 2025 13:25:52 +0000 Subject: [PATCH 4/5] fix for missing email claim in signup --- .../demo/B2C_1A_SignUpOrSignin.xml | 23 +++++++++-- .../dev/B2C_1A_SignUpOrSignin.xml | 23 +++++++++-- .../prod/B2C_1A_SignUpOrSignin.xml | 23 +++++++++-- .../stg/B2C_1A_SignUpOrSignin.xml | 40 +++++++++++++------ .../test/B2C_1A_SignUpOrSignin.xml | 23 +++++++++-- 5 files changed, 108 insertions(+), 24 deletions(-) diff --git a/b2c/custom_policies/demo/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/demo/B2C_1A_SignUpOrSignin.xml index 1a21d987..6602165a 100644 --- a/b2c/custom_policies/demo/B2C_1A_SignUpOrSignin.xml +++ b/b2c/custom_policies/demo/B2C_1A_SignUpOrSignin.xml @@ -107,8 +107,26 @@ - - + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + + + + + + + @@ -230,7 +248,6 @@ PolicyProfile - diff --git a/b2c/custom_policies/dev/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/dev/B2C_1A_SignUpOrSignin.xml index 72ffd571..2bd23649 100644 --- a/b2c/custom_policies/dev/B2C_1A_SignUpOrSignin.xml +++ b/b2c/custom_policies/dev/B2C_1A_SignUpOrSignin.xml @@ -108,8 +108,26 @@ - - + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + + + + + + + @@ -231,7 +249,6 @@ PolicyProfile - diff --git a/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml index 0fcecdd0..086329c1 100644 --- a/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml +++ b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml @@ -107,8 +107,26 @@ - - + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + + + + + + + @@ -230,7 +248,6 @@ PolicyProfile - diff --git a/b2c/custom_policies/stg/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/stg/B2C_1A_SignUpOrSignin.xml index 9f80a134..c4c035c8 100644 --- a/b2c/custom_policies/stg/B2C_1A_SignUpOrSignin.xml 
+++ b/b2c/custom_policies/stg/B2C_1A_SignUpOrSignin.xml @@ -27,8 +27,8 @@ @@ -43,8 +43,8 @@ @@ -281,8 +281,25 @@ - - + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + + + + + + + @@ -393,18 +410,17 @@ Absolute 3600 + TelemetryEngine="ApplicationInsights" + InstrumentationKey="77d9d14f-455b-4f3e-ab9e-f60c7bf85e6c" + DeveloperMode="true" + ClientEnabled="true" + ServerEnabled="true" /> Allow PolicyProfile - diff --git a/b2c/custom_policies/test/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/test/B2C_1A_SignUpOrSignin.xml index 30ac49b2..2ce08e34 100644 --- a/b2c/custom_policies/test/B2C_1A_SignUpOrSignin.xml +++ b/b2c/custom_policies/test/B2C_1A_SignUpOrSignin.xml @@ -108,8 +108,26 @@ - - + + + + + + isForgotPassword + SkipThisOrchestrationStep + + + isSignUp + SkipThisOrchestrationStep + + + + + + + + + @@ -231,7 +249,6 @@ PolicyProfile - From 1d158f5390661d600f07fa39674b8deb8aaf4434 Mon Sep 17 00:00:00 2001 From: Jason Paige Date: Wed, 3 Dec 2025 13:38:05 +0000 Subject: [PATCH 5/5] prod smoke user --- b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml index 086329c1..08aaed46 100644 --- a/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml +++ b/b2c/custom_policies/prod/B2C_1A_SignUpOrSignin.xml @@ -75,7 +75,12 @@ objectId - 647ef962-b03f-40fa-b9a0-df5243bc8334 + ea7978c4-da9a-42ae-ad9e-c5a93e7fa46d + SkipThisOrchestrationStep + + + objectId + 72778f3e-e09a-4711-96bf-c93dd8ef9a5a SkipThisOrchestrationStep
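Review bot: The two literal `objectId` values added in the final hunk (prod `B2C_1A_SignUpOrSignin.xml`) each trigger `SkipThisOrchestrationStep` in the production journey, and nothing in the policy records which accounts they are or why they are exempt. The commit subject calls them smoke users, but the step being skipped is outside the hunk. If it is a verification step, these accounts sign in with fewer checks than every other user, so they should have no access to real data and their sign-ins should be monitored. I would add a comment above the preconditions, e.g. `<!-- Smoke-test accounts (owner: <TEAM>): exempt from this step; review by <DATE> -->`. Consider keying the exemption on a claim rather than hard-coded IDs, so that rotating the accounts does not require a policy edit.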