With custom policies you can add identity providers that use either SAML or OpenID Connect.
So ADFS 4.0 (the Windows Server 2016 release, which supports OpenID Connect natively) was a good candidate for OIDC.
As per my Stack Overflow question:
"I have ADFS 4.0 on an Azure VM and am trying to add ADFS as a provider to my Azure AD B2C tenant.
I have set up all the custom policies.
I am using OpenID Connect as the protocol.
My ADFS SSL certificate is self-signed and I have certificate rollover for the encryption and signing certificates.
The error I get in Application Insights is:
Exception {"Kind":"Handled","HResult":"80131501","Message":"The remote certificate is invalid according to the validation procedure.","Data":{}}
I battled for hours trying to get this to work before asking the question.
Turns out:
"Your ADFS needs to have a valid SSL cert signed by the standard Certificate Authorities in order for Azure AD B2C to communicate with it".
So no self-signed certificates: the chain must validate against the public root store from B2C's side, not just on the ADFS box where the self-signed cert is already trusted. As this was a proof of concept, I'm not intending to go out and buy a certificate. This is further complicated by the fact that you can't buy a certificate for xxx.cloudapp.net!
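A quick way to see what B2C sees before wiring up the policy is to do the handshake yourself with default (system trust store, hostname-checked) verification and decode the OpenSSL verify code, which is far more specific than the .NET "invalid according to the validation procedure" message. The script below is an added example written for this post, not code from the original post or from Microsoft; the host name adfs.example.com is a placeholder, and it assumes Python 3.7 or later for the verify_code/verify_message attributes on ssl.SSLCertVerificationError.

```python
"""Check whether an ADFS endpoint presents a TLS certificate that a default,
system-trust-store client accepts, which is the bar Azure AD B2C applies."""
import socket
import ssl
import sys

# Hypothetical ADFS host used only for illustration.
ADFS_HOST = "adfs.example.com"

# OpenSSL X509 verify error codes most often behind the .NET message
# "The remote certificate is invalid according to the validation procedure".
VERIFY_CODE_HINTS = {
    10: "certificate has expired",
    18: "self-signed leaf certificate: B2C will not trust it",
    19: "self-signed root in chain (private/enterprise CA): not in the public trust store B2C uses",
    20: "issuer certificate not found: ADFS is not sending the intermediate CA certificate",
    21: "unable to verify leaf signature (no usable issuer certificate)",
    62: "hostname mismatch: certificate CN/SAN does not cover the ADFS host name",
}


def discovery_url(host):
    """OIDC metadata document that B2C fetches from ADFS 2016 (ADFS 4.0)."""
    return f"https://{host}/adfs/.well-known/openid-configuration"


def classify_verify_error(verify_code, verify_message):
    """Map an OpenSSL verify code to a readable cause; fall back to the raw message."""
    return VERIFY_CODE_HINTS.get(
        verify_code, f"chain validation failed: {verify_message} (code {verify_code})"
    )


def check_adfs_tls(host, port=443, timeout=5.0):
    """Handshake with default verification: CERT_REQUIRED plus hostname check.

    Returns {"ok": True, "subject": ..., "issuer": ..., "not_after": ..., "discovery": ...}
    when a default client would accept the certificate, otherwise
    {"ok": False, "reason": ...} explaining why a B2C-style client rejects it.
    """
    ctx = ssl.create_default_context()  # system CA store, check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
                    "issuer": dict(rdn[0] for rdn in cert.get("issuer", ())),
                    "not_after": cert.get("notAfter"),
                    "discovery": discovery_url(host),
                }
    except ssl.SSLCertVerificationError as exc:
        # Chain or hostname validation failed: this is the B2C failure mode.
        return {"ok": False, "reason": classify_verify_error(exc.verify_code, exc.verify_message)}
    except (ssl.SSLError, OSError) as exc:
        # Refused, timed out, or a protocol-level TLS failure rather than a bad chain.
        return {"ok": False, "reason": f"could not complete TLS handshake: {exc}"}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else ADFS_HOST
    print(check_adfs_tls(target))
```

Run it from a machine that has not had the self-signed certificate imported into its trust store. On the ADFS server itself (or any box where you clicked through "install this certificate") the check passes while B2C still fails, which is exactly the trap in this post. A self-signed ADFS cert reports code 18; a cert from an internal enterprise CA reports 19; a public cert with a missing intermediate in the ADFS binding reports 20, and fixing that one is free. The same codes appear in the output of openssl s_client -connect host:443 -servername host if you prefer the CLI.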
Tip: to debug custom policies you need Application Insights. Without it, your chances of solving these issues are effectively zero, because the error above is only visible there.
Enjoy!