I've followed the steps from https://docs.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy
While testing, receiving the error "Application registered corresponding to IssuerUri "https://xyz.com/suite" in AuthRequest does not have assertion consumer service URL "xyz.com/.../AssertionConsumer" specified in its metadata."
SAML Request:
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="xyz.com/.../AssertionConsumer" Destination="https://<tenantname>.b2clogin.com/<tenantname>.onmicrosoft.com/B2C_1A_signup_signin/samlp/sso/login" ID="_39d15c6a-1234-4d48-9ea6-625375271234" IssueInstant="2021-07-23T15:10:23.070Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://xyz.com/suite" Version="2.0">
SAML Response:
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="www.w3.org/.../XMLSchema-instance" ID="_a35d337b-dd47-4fdd-a0f1-9c40f97bda22" InResponseTo="_39d15c6a-1234-4d48-9ea6-625375271234" Version="2.0" IssueInstant="2021-07-23T15:10:23.6766184Z" Destination="xyz.com/.../AssertionConsumer" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
MS document says: If you choose to configure the reply URL and logout URL in the application manifest without populating the application's metadata endpoint via the samlMetadataUrl property, Azure AD B2C will not validate the SAML request signature, nor will it encrypt the SAML response.
samlMetadataUrl
Workaround could be specifying the PartnerEntity in the SP metadata URL for the Relying Party in the B2C_1A_signup_signin_saml custom policy?
<Metadata>
<Item Key="PartnerEntity">samltestapp2.azurewebsites.net/...</Item>
</Metadata>
Do I need to host the SP / Appian SAML metadata file on Azure Storage account OR some endpoint to refer from Idp application registration manifest?
Thanks.
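The check behind the error quoted in the question, as an added example that is not from the post or from Microsoft: an IdP-side validation that accepts an AuthnRequest only when its AssertionConsumerServiceURL is one of the AssertionConsumerService Locations published in the SP metadata registered for that issuer. The entityID, ACS URL and metadata document below are constructed placeholders, and the Issuer element stands in for the application registration lookup.

```python
# Added example: mirrors the validation an IdP such as Azure AD B2C performs
# before issuing a response. All entity IDs, URLs and XML are constructed.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed SP metadata (placeholder entityID and ACS endpoint).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/suite">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/suite/saml/AssertionConsumer"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def make_authn_request(issuer: str, acs_url: str) -> str:
    """Constructed AuthnRequest carrying only the fields the check reads."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" '
        'ID="_req1" IssueInstant="2021-07-23T15:10:23Z" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>'
    )

def acs_locations(metadata_xml: str) -> tuple[str, set[str]]:
    """Return (entityID, set of published ACS Location URLs) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    return root.get("entityID", ""), {a.get("Location", "") for a in acs}

def authn_request_ok(authn_request_xml: str, metadata_xml: str) -> tuple[bool, str]:
    """Accept only if the issuer matches the registered entityID and the
    requested ACS URL is one the SP published; otherwise report why."""
    req = ET.fromstring(authn_request_xml)
    issuer = req.findtext("saml:Issuer", default="", namespaces=NS).strip()
    acs_url = req.get("AssertionConsumerServiceURL", "")
    entity_id, published = acs_locations(metadata_xml)
    if issuer != entity_id:
        return False, f"no registered metadata for issuer {issuer!r}"
    if acs_url not in published:
        return False, f"ACS URL {acs_url!r} not specified in metadata"
    return True, "ok"
```

A request whose ACS URL is not published for its issuer is rejected with the same reason the question's error reports, which is why the fix is to make the SP metadata (or the registration's reply URLs) list the exact URL the SP sends.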