
SakthiJeganathan-0745 asked SakthiJeganathan-0745 commented

Azure AD B2C automation


Can I have a resource or doc to automate SAML certificate renewals and OIDC token renewals? Hope we can't do this through PowerShell. Please clarify.

The OIDC token signing keys are generated manually with a begin date and an expiry date. The process for renewing is currently manual. This process must be automated, by triggering a new set of keys via the Microsoft Graph API.

The SAML message/assertion signing certificate is currently generated as a self-signed cert with an expiry of 1 year. The process for renewing must be automated, generating a certificate and uploading it via the Microsoft Graph API.

azure-ad-b2c

1 Answer

amanpreetsingh-msft answered SakthiJeganathan-0745 commented

Hi @SakthiJeganathan-0745, thank you for reaching out.

There is no out-of-the-box solution to automate this. You can refer to Trust Framework policy keyset and Trust Framework policy key, which include Graph calls to upload certificates/keys to the B2C Policy Keys container.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


I know we can generate a self-signed certificate through PowerShell locally. Is it possible to do the same in an Automation account's PowerShell by mapping a storage account to store the certificate and then sending an automation notification? I want to know whether we can check the certificate expiry date through a PowerShell script to generate a new certificate for renewal. Please advise.

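A worked example of the Graph calls the answer points to and the expiry check the follow-up comment asks about. This script is added here; it is not code from the original thread or from Microsoft. It reads the active key of a B2C policy-key container with `getActiveKey`, and if that key expires within `$RenewWithinDays` it either uploads a freshly generated self-signed PFX with `uploadPkcs12` (the SAML signing certificate case) or asks Graph to create a new RSA key with `generateKey` (the OIDC token-signing key case). Assumptions: the container name `SamlIdpCert`, the certificate subject, the Microsoft.Graph.Authentication module being available, and, when run as an Azure Automation PowerShell 7 runbook, a managed identity that has been granted the `TrustFrameworkKeySet.ReadWrite.All` application permission.

```powershell
# Added example (not from the original thread or Microsoft docs). Assumed names:
# the container $KeySetName and the certificate $Subject; adjust them to your policy.
#Requires -Modules Microsoft.Graph.Authentication
param(
    [string] $KeySetName      = 'SamlIdpCert',   # assumed; Graph stores it as B2C_1A_SamlIdpCert
    [ValidateSet('Pkcs12', 'Generated')]
    [string] $KeyKind         = 'Pkcs12',        # Pkcs12 = SAML signing cert, Generated = OIDC signing key
    [string] $Subject         = 'CN=contoso.b2clogin.com',  # assumed subject for the SAML cert
    [int]    $ValidYears      = 1,
    [int]    $RenewWithinDays = 30
)

$graph = 'https://graph.microsoft.com/beta/trustFramework/keySets'

function Connect-B2CGraph {
    # Inside an Automation runbook $PSPrivateMetadata.JobId is set: use the managed identity,
    # which must hold the TrustFrameworkKeySet.ReadWrite.All application permission.
    if ($PSPrivateMetadata.JobId) { Connect-MgGraph -Identity -NoWelcome }
    else { Connect-MgGraph -Scopes 'TrustFrameworkKeySet.ReadWrite.All' -NoWelcome }
}

function Get-B2CKeySetId {
    param([string] $Name)
    # Returns the full container id (Graph prefixes B2C_1A_), creating it on first run.
    $existing = Invoke-MgGraphRequest -Method GET -Uri $graph
    $match = $existing.value | Where-Object { $_.id -eq "B2C_1A_$Name" }
    if ($match) { return $match.id }
    $created = Invoke-MgGraphRequest -Method POST -Uri $graph -ContentType 'application/json' `
        -Body (@{ id = $Name } | ConvertTo-Json)
    return $created.id
}

function Get-B2CActiveKeyExpiry {
    param([string] $KeySetId)
    # getActiveKey returns the key B2C currently selects from the set; exp is Unix seconds.
    # A brand-new container has no key yet and Graph returns 404, treated here as "expired".
    try { $key = Invoke-MgGraphRequest -Method GET -Uri "$graph/$KeySetId/getActiveKey" }
    catch { return $null }
    if (-not $key.exp) { return $null }
    return [DateTimeOffset]::FromUnixTimeSeconds([long]$key.exp).UtcDateTime
}

function New-SelfSignedPfx {
    param([string] $Subject, [int] $ValidYears, [string] $Password)
    # Pure .NET: no Windows certificate store is touched, which is what lets the same code
    # run in a PowerShell 7 runbook sandbox (assumption) as well as on a workstation.
    $rsa = [System.Security.Cryptography.RSA]::Create(2048)
    try {
        $req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            $Subject, $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
        # Signing-only key usage, marked critical.
        $req.CertificateExtensions.Add(
            [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]::new(
                [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature, $true))
        $now  = [DateTimeOffset]::UtcNow
        $cert = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddYears($ValidYears))
        return $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $Password)
    } finally { $rsa.Dispose() }
}

function Publish-B2CKey {
    param([string] $KeySetId, [string] $KeyKind, [string] $Subject, [int] $ValidYears)
    if ($KeyKind -eq 'Pkcs12') {
        # SAML signing cert: generated in memory and uploaded as a PFX. The password only
        # protects the blob on its way to Graph; it is random per run and never written out.
        $buf = [byte[]]::new(24)
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
        $password = [Convert]::ToBase64String($buf)
        $pfx  = New-SelfSignedPfx -Subject $Subject -ValidYears $ValidYears -Password $password
        $body = @{ key = [Convert]::ToBase64String($pfx); password = $password } | ConvertTo-Json
        $uri  = "$graph/$KeySetId/uploadPkcs12"
    } else {
        # OIDC token-signing key: Graph generates the RSA pair; nbf/exp (Unix seconds)
        # define the window in which B2C signs with it.
        $now  = [DateTimeOffset]::UtcNow
        $body = @{ use = 'sig'; kty = 'RSA'; nbf = $now.ToUnixTimeSeconds()
                   exp = $now.AddYears($ValidYears).ToUnixTimeSeconds() } | ConvertTo-Json
        $uri  = "$graph/$KeySetId/generateKey"
    }
    Invoke-MgGraphRequest -Method POST -Uri $uri -Body $body -ContentType 'application/json' | Out-Null
}

Connect-B2CGraph
$keySetId = Get-B2CKeySetId -Name $KeySetName
$expires  = Get-B2CActiveKeyExpiry -KeySetId $keySetId
$deadline = [DateTime]::UtcNow.AddDays($RenewWithinDays)
if ($expires -and $expires -gt $deadline) {
    Write-Output "$keySetId active key expires $expires (UTC); no renewal needed."
    return
}
Publish-B2CKey -KeySetId $keySetId -KeyKind $KeyKind -Subject $Subject -ValidYears $ValidYears
$newExpiry = Get-B2CActiveKeyExpiry -KeySetId $keySetId
Write-Output "$keySetId renewed; active key now expires $newExpiry (UTC)."
```

Two points a practitioner should weigh before scheduling this as a runbook. First, the private key never leaves the process: Graph is the only place it is stored, so there is no need to map a storage account just to hold the PFX, and keeping a second copy there only widens the exposure of a signing key. Second, rotating the SAML signing certificate is not purely a B2C-side change: relying parties that pinned the old certificate instead of refreshing B2C's federation metadata will reject assertions signed with the new one, so run the renewal well ahead of expiry and verify with `getActiveKey` which key B2C has actually selected before assuming partners are receiving the new certificate.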