With the advent of custom policies, this is now doable.
Essentially, forget about using B2C as it's supposed to be used i.e. external customer registration and self service password reset.
Just use it as a hub / identity router.
You can configure a policy e.g. sign up / sign in to handle any number of IDP as long as they support OpenID Connect or SAML 2.0. Each of these is configured via XML in the custom policies. Each has a login button on the landing page.
You could almost think of B2C as acting as a pseudo Home Realm Discovery page.
B2C can be branded so it could have the same look and feel as the rest of the corporate pages.
e.g. this is my PoC page.
It allows you to sign up with Facebook, ADFS or Azure AD.
Downstream B2C only allows OpenID Connect so the path would be e.g.
Application --> OIDC --> B2C --> OIDC --> Facebook
--> SAML --> ADFS
--> OIDC --> AAD
Or if you wanted lots of social providers, you could go OIDC to something like Auth0 and then use their large array of social providers.
So it's pretty much ACS++!
WS-Fed support is on the way.
Enjoy!
No comments:
Post a Comment