JavierSassen-8090 asked:

How to sign assertion only Azure AD B2C as IdP using Custom Policy SAML

I'm trying to set up Qlik Sense SSO using Azure AD B2C as SAML IdP. I followed all steps in https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers but my SP requires the assertion to be signed. Is it possible to do this using the custom policies?

Thanks in advance!

Tags: azure-ad-b2c, azure-ad-authentication-protocols, azure-ad-single-sign-on

1 Answer

amanpreetsingh-msft answered:

@JavierSassen-8090 If you have followed all instructions mentioned in https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers, you should get a signed SAML assertion only. The SAML Assertion key (highlighted below) is used for this purpose:

2771-untitled.png


Please "Accept as answer" wherever the information provided helps you to help others in the community.



Unfortunately this doesn't solve my issues. When comparing SAML Response generated by AAD (which works) and the response generated by B2C custom policy (this response doesn't work) I see different orders:

2753-differences-saml-responses.png

Could you possibly help me any further?


@JavierSassen-8090 I don't think order should cause any issue here.

I would suggest that you start debugging from the application side, as the token is issued by B2C and the application is failing to consume that token. Starting by looking into the application logs would help narrow down the issue. The problem can be due to the signature algorithm, as I can see AAD is using rsa-sha256 and B2C is using rsa-sha1, but that's a wild guess.

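The comparison discussed in the comments above, as an added example that is not part of the original thread: a Python script that reports, for each `ds:Signature` in a SAML response, which element carries it, whether its reference points at that element, and which signature and digest algorithms it declares, then diffs a working response against a failing one. The two sample responses are constructed with placeholder values, and the names `signature_profile`, `diff_profiles`, `sample`, `WORKING` and `FAILING` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def local(name):
    """Short name of a '{namespace}tag' or of a 'uri#algorithm' identifier."""
    return name.replace("}", "#").rsplit("#", 1)[-1]

def alg(sig, path):
    node = sig.find(path, NS)
    return local(node.get("Algorithm", "")) if node is not None else None

def signature_profile(xml_text):
    """One dict per ds:Signature. Inspection only: the signature is not verified."""
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    out = []
    for sig in root.iter("{%s}Signature" % NS["ds"]):
        parent, ref = parent_of[sig], sig.find("ds:SignedInfo/ds:Reference", NS)
        out.append({
            "signed_element": local(parent.tag),  # Response or Assertion
            "reference_ok": ref is not None and ref.get("URI") == "#" + parent.get("ID", ""),
            "signature_alg": alg(sig, "ds:SignedInfo/ds:SignatureMethod"),
            "digest_alg": alg(sig, "ds:SignedInfo/ds:Reference/ds:DigestMethod"),
            "child_order": [local(c.tag) for c in parent],
        })
    return out

def diff_profiles(working_xml, failing_xml):
    """(field, working, failing) for every signature field that differs."""
    a, b = signature_profile(working_xml), signature_profile(failing_xml)
    count = [("signature_count", len(a), len(b))] if len(a) != len(b) else []
    return count + [(k, x[k], y[k]) for x, y in zip(a, b) for k in x if x[k] != y[k]]

def sample(sig_alg, digest_alg):
    """Constructed response with placeholder values; only the algorithms vary."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_r1">
 <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
   <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature><saml:Subject/>
 </saml:Assertion></samlp:Response>"""

WORKING = sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmlenc#sha256")
FAILING = sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1", "http://www.w3.org/2000/09/xmldsig#sha1")

if __name__ == "__main__":
    print(diff_profiles(WORKING, FAILING))
```

Feed it the Base64-decoded `SAMLResponse` values captured from the working and the failing sign-in.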