azure-ad-b2c
Azure AD B2C: error for on-premise ad fs as SAML identity provider
I was trying to add our on-prem AD FS as SMAL identity provider in azure ad b2c. I followed this document and finished all steps.
Then I tried the Run now endpoint (from aad b2c custom policy), and clicked the new IDP button (MY AD FS), I got the error: AADB2C: Unable to connect to the metadata endpoint 'https://MY.ADFS.COM/federationmetadata/2007-06/federationmetadata.xml'
Some notes:
- I run the test from the AD FS Server machine
- I can access the metadata directly from URL https://MY.ADFS.COM/federationmetadata/2007-06/federationmetadata.xml in browser (on the AD FS Server machine)
Not sure what I'm missing. Does it matter the AD FS server is corpnet wide only? Please help
Solution
I got help from Microsoft. To resolve this error, just put the metadata file on a public storage so that B2C can access it.
- In Azure AD B2C who provides the ID token?
- Azure: Use App Gateway for Custom B2C Domain instead of Front Door
- How to add UAE Pass as identity provider to Azure AD B2C
- Configuration in Azure AD B2C for Custom Policies
- Azure B2C - Password Rules Not Reflecting (Signup + Password Reset)
- Need help getting Azure AD B2C SSO with Azure AD
- Azure Static Web App - Only Allow Authenticated Users (Entra, B2C)
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- How do I programmatically clear or update a phone number for Azure AD B2C MFA?
- B2C - How to override sign up now link (custom policy)
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- B2C Sign-up screen shows {OIDC:LoginHint} instead of the login
- During signIn receiving B2C error code ‘AADB2C99059’
- Azure B2C / WPF - Handling a failed MFA verification flow
- Assign B2C User to ExternalAzureAD identity
- How to authenticate a user that was redirected to a web application from a desktop application
- AADB2C90304: User journey went into a bad state. Claims exchange with id 'LocalAccountSigninEmailExchange' could not be found in orchestration step
- "AADSTS900144: The request body must contain the following parameter: 'grant_type'.?
- Sign in to Azure B2C with an OpenID account (Microsoft Work email) but prevent user from signing up
- Azure b2c still authenticated after hitting logout
- Can Azure AD B2C send extension attributes without the extension prefix on a SAML token in a SAML IdP-initiated SSO flow?
- Azure B2C Signup page
- Azure B2C integration not working on app built using pwabuilder for iOS
- Azure AD B2C problem with Self-Service password reset
- use of b2clogin.com when acquiring token with Client Credential Grant Flow
- Azure B2C does not receive script information written in HTML files uploaded to storage
- Azure B2C: Edit Profile via a single page
- Azure b2c cutom policy signin validation profile
- Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
- Azure Active Directory B2C: How to query MS Graph to get a user's alternative security ID?