Azure-Samples / active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
http://aka.ms/aadb2ccustom
MIT License

B2C SAML response with incorrect entityID #53

Closed. klogan12 closed this 5 years ago

klogan12 commented 5 years ago

I have configured Azure B2C as my SAML provider using the steps mentioned here.

The XML I got from https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/policy-name/Samlp/metadata has the entity ID below: https://login.microsoftonline.com/cvtrial.onmicrosoft.com/B2C_1A_signup_signinsaml

But when a user attempts login from the SP, the SAML response contains a different URI in the entity field, one embedded with "/te": https://login.microsoftonline.com/te/cvtrial.onmicrosoft.com/B2C_1A_signup_signinsaml

For me to proceed, I edited the IdP metadata XML to include this "te" and updated it on the SP. Then it worked.

soorajpayyoor commented 5 years ago

You don't need to edit the IdP Metadata. Here's the step you can follow:

  1. Override the IssuerUri parameter of the SAML Assertion TP in your RP Policy (I believe you have defined the SAML Assertion TP in the Base/EXT Policy. In your case, the RP policy is B2C_1A_signup_signinsaml) like below:

    ```xml
    <ClaimsProvider>
      <DisplayName>SAML Token Issuer</DisplayName>
      <TechnicalProfiles>
        <!-- Id assumed: use the Id of the SAML assertion issuer TP defined in your base/extension policy -->
        <TechnicalProfile Id="Saml2AssertionIssuer">
          <DisplayName>SAML Token Issuer</DisplayName>
          <Metadata>
            <Item Key="IssuerUri">https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/B2C_1A_signup_signinsaml</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    ```

  2. Save and Upload the Policy

  3. Now get the IdP Metadata from https://tenant-name.b2clogin.com/tenant-name.onmicrosoft.com/B2C_1A_signup_signinsaml/samlp/metadata
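The check the SP was failing above (the Issuer in the SAML response must equal the entityID in the IdP metadata it was configured with) can be scripted so you can confirm the fix before touching the SP. The following is an added example, not code from this repository or from either commenter; both XML documents are constructed here to mirror the mismatch described in the issue (a "/te/" issuer in the response, no "/te/" in the metadata), and the element names are the standard SAML 2.0 metadata and protocol ones.

```python
"""Compare the Issuer(s) in a SAML response against the entityID in IdP metadata.

Added example (not from the repository). The two XML strings below are
constructed to reproduce the issue: the metadata advertises an entityID
without "/te/", the response signs as an issuer with "/te/".
"""
from typing import List, Tuple
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: the shape of what the /Samlp/metadata endpoint returns.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://login.microsoftonline.com/cvtrial.onmicrosoft.com/B2C_1A_signup_signinsaml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

# Constructed sample: a minimal response carrying the "/te/" issuer seen in the issue.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://login.microsoftonline.com/te/cvtrial.onmicrosoft.com/B2C_1A_signup_signinsaml</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://login.microsoftonline.com/te/cvtrial.onmicrosoft.com/B2C_1A_signup_signinsaml</saml:Issuer>
  </saml:Assertion>
</samlp:Response>"""


def metadata_entity_id(metadata_xml: str) -> str:
    """Return the entityID attribute of the metadata's EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    return root.attrib["entityID"]


def response_issuers(response_xml: str) -> List[str]:
    """Return every Issuer in the response: the Response-level one and each Assertion's.

    Both are checked because an SP may validate either (or both) against its
    configured IdP entityID.
    """
    root = ET.fromstring(response_xml)
    issuers = []
    top = root.find("saml:Issuer", NS)
    if top is not None:
        issuers.append((top.text or "").strip())
    for assertion in root.findall("saml:Assertion", NS):
        iss = assertion.find("saml:Issuer", NS)
        issuers.append((iss.text or "").strip() if iss is not None else "")
    return issuers


def issuer_matches(metadata_xml: str, response_xml: str) -> Tuple[bool, List[str]]:
    """Exact, case-sensitive comparison, as an SP performs it.

    Returns (ok, mismatches); mismatches lists each issuer value that differs
    from the metadata entityID.
    """
    expected = metadata_entity_id(metadata_xml)
    bad = [i for i in response_issuers(response_xml) if i != expected]
    return (not bad, bad)


if __name__ == "__main__":
    ok, bad = issuer_matches(IDP_METADATA, SAML_RESPONSE)
    print("issuer matches metadata entityID:", ok)
    for b in bad:
        print("  unexpected issuer:", b)
```

Run it against the real metadata fetched from the samlp/metadata URL and a captured response after uploading the policy: once IssuerUri is set explicitly, both Issuer values and the entityID should be identical, which is the state to aim for rather than hand-editing the metadata on the SP side.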

klogan12 commented 5 years ago

Got it, thanks for the response!