Troubleshooting Azure B2C MFA Integration with Application

Question

Troubleshooting Azure B2C MFA Integration with Application

Paulina Romanova 0

I am setting up Azure B2C integration with our application. I want to enable two-factor authentication (MFA) where the user can choose between phone or email for the verification process. When I select MFA via phone and enter the code I receive, I am unable to proceed further into the application, and I get an error message: "504 Gateway Time-out The server didn't respond in time." I followed the Azure B2C setup instructions for the policy, so I’m unsure where the issue lies. There was also an earlier problem where the system wouldn’t let me proceed and kept redirecting me back to the MFA selection page. Can you help me resolve this?
Policy Azure B2C:

  <OrchestrationSteps>

    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">

      <ClaimsProviderSelections>

        <!-- <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange"/> -->

        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />

      </ClaimsProviderSelections>

      <ClaimsExchanges>

        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />

      </ClaimsExchanges>

    </OrchestrationStep>

    <!-- Check if the user has selected to sign in using one of the social providers -->

    <OrchestrationStep Order="2" Type="ClaimsExchange">

      <Preconditions>

        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">

          <Value>objectId</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

      <ClaimsExchanges>

        <!-- <ClaimsExchange Id="FacebookExchange" TechnicalProfileReferenceId="Facebook-OAUTH"/> -->

        <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />

      </ClaimsExchanges>

    </OrchestrationStep>

   

  

  

    <!--Sample: If uses is enrolled for MFA, ask the user to select the preferred method-->

    <OrchestrationStep Order="3" Type="ClaimsExchange">

      <Preconditions>

        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">

          <Value>extension_mfaByPhoneOrEmail</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

      <ClaimsExchanges>

        <ClaimsExchange Id="SelfAsserted-Select-MFA-Method" TechnicalProfileReferenceId="SelfAsserted-Select-MFA-Method" />

      </ClaimsExchanges>

    </OrchestrationStep>

    <!-- Throw error if control was bypassed -->

    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="Return-MFA-Method-Incorrect-Error">

      <Preconditions>

        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">

          <Value>extension_mfaByPhoneOrEmail</Value>

          <Value>email</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">

          <Value>extension_mfaByPhoneOrEmail</Value>

          <Value>phone</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

    </OrchestrationStep>

    <!-- Phone verification: If MFA is not required, the next three steps (#5-#7) should be removed.

         This step checks whether there's a phone number on record,  for the user. If found, then the user is challenged to verify it. -->

    <OrchestrationStep Order="5" Type="ClaimsExchange">

      <Preconditions>

        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">

          <Value>isActiveMFASession</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

        <!--Sample: If the preferred MFA method is not 'phone' skip this orchestration step-->

        <Precondition Type="ClaimEquals" ExecuteActionsIf="false">

          <Value>extension_mfaByPhoneOrEmail</Value>

          <Value>phone</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

      <ClaimsExchanges>

        <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />

      </ClaimsExchanges>

    </OrchestrationStep>

    <!-- Save MFA phone number: The precondition verifies whether the user provided a new number in the 

         previous step. If so, then the phone number is stored in the directory for future authentication 

         requests. -->

    <OrchestrationStep Order="6" Type="ClaimsExchange">

      <Preconditions>

        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">

          <Value>newPhoneNumberEntered</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

      <ClaimsExchanges>

        <ClaimsExchange Id="AADUserWriteWithObjectId" TechnicalProfileReferenceId="AAD-UserWritePhoneNumberUsingObjectId" />

      </ClaimsExchanges>

    </OrchestrationStep>

    <!--Sample: MFA with email-->

    <OrchestrationStep Order="7" Type="ClaimsExchange">

      <Preconditions>

        <Precondition Type="ClaimEquals" ExecuteActionsIf="false">

          <Value>extension_mfaByPhoneOrEmail</Value>

          <Value>email</Value>

          <Action>SkipThisOrchestrationStep</Action>

        </Precondition>

      </Preconditions>

      <ClaimsExchanges>

        <ClaimsExchange Id="Email-Verify" TechnicalProfileReferenceId="EmailVerifyOnSignIn" />

      </ClaimsExchanges>

    </OrchestrationStep> 

    <OrchestrationStep Order="8" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />

  </OrchestrationSteps>

  <ClientDefinition ReferenceId="DefaultWeb" />

</UserJourney>

Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-22T00:35:32.32+00:00

Hello Paulina Romanova

When selecting multi-factor authentication via phone and entering the verification code, the application fails to proceed and displays the following error:

504 Gateway Time-out The server didn’t respond in time.

This appears to be caused by the request taking too long to complete. To assist with troubleshooting, could you please share the relevant policy configuration details with me directly over a private message?
Paulina Romanova 0 Reputation points

2025-04-22T09:40:57.09+00:00

Vigneshwar Duvva Where can I send the policies to you?
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-22T19:00:26.34+00:00

Hello Paulina Romanova

I have initiated the private message. Could you please check and respond there?
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-24T16:41:14.5166667+00:00

Hello Paulina Romanova

Yeah, received I am reviewing the policy.
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-28T18:12:22.15+00:00

Hello Paulina Romanova

We haven't heard back from you. Please reply if you have any questions in this matter and we will gladly continue the discussion.
Paulina Romanova 0 Reputation points

2025-04-29T14:20:04.79+00:00

Vigneshwar Duvva
i sent private message

1 answer

Your answer

Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-22T00:35:32.32+00:00

Hello Paulina Romanova

When selecting multi-factor authentication via phone and entering the verification code, the application fails to proceed and displays the following error:

504 Gateway Time-out The server didn’t respond in time.

This appears to be caused by the request taking too long to complete. To assist with troubleshooting, could you please share the relevant policy configuration details with me directly over a private message?
Paulina Romanova 0 Reputation points

2025-04-22T09:40:57.09+00:00

Vigneshwar Duvva Where can I send the policies to you?
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-22T19:00:26.34+00:00

Hello Paulina Romanova

I have initiated the private message. Could you please check and respond there?
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-24T16:41:14.5166667+00:00

Hello Paulina Romanova

Yeah, received I am reviewing the policy.
Vigneshwar Duvva 410 Reputation points Microsoft External Staff

2025-04-28T18:12:22.15+00:00

Hello Paulina Romanova

We haven't heard back from you. Please reply if you have any questions in this matter and we will gladly continue the discussion.
Paulina Romanova 0 Reputation points

2025-04-29T14:20:04.79+00:00

Vigneshwar Duvva
i sent private message

Answer 1

Hello Paulina Romanova,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

Regarding your explanations and thread responses, I understand that you're having 504 Gateway Time-out error and the redirection issue.

This can actually be resolved and troubleshoot by yourself. You only need to follow detailed guides and resources provided by Microsoft below:

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Share via

Troubleshooting Azure B2C MFA Integration with Application

1 answer

Your answer