Connecting the SAMLTest application to Azure AD B2C as an IDP

Rory Braybrook
The new control plane
Nov 11, 2020

There is a good article on this but I found a number of gotchas since the article is general in nature.

I got this working using the SP initiated custom policy referenced in the article and using the referenced SAML Test application.

The custom policy relies on the latest extension and base files from the starter kit (use “SocialAndLocalAccounts”).

If you haven’t set these up, follow these steps.

As usual, I have added the policies I used to get it working as a gist. You need to change “yourtenant” to the actual name of your B2C tenant and set up the Proxy and Identity client IDs in the extension file as per the steps above.

In the custom SAML policy, for the Relying Party, change the metadata to:

<Metadata>
<!--Action required: Set the value PartnerEntity to URL of SP metadata or embed the metadata directly, using <![CDATA[]]>-->
<Item Key="PartnerEntity">https://samltestapp2.azurewebsites.net/Metadata</Item>

I wasn’t interested in a Facebook login so I just used a dummy ID in the extension file.

Note that the extension file calls a base policy of “B2C_1A_TrustFrameworkBaseSAMLTest” but this is just a direct copy of “B2C_1A_TrustFrameworkBase” so you can use that instead.

Following these policies, the SAML IDP metadata is then:

https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_SAML2_signup_signin/Samlp/metadata

In the application manifest, there was nothing under:

"identifierUris": [],

so I left it blank.

I updated:

"replyUrlsWithType": [
    {
        "url": "https://samltestapp2.azurewebsites.net/SP/AssertionConsumer",
        "type": "Web"
    }
],

and:

"samlMetadataUrl": "https://samltestapp2.azurewebsites.net/Metadata",

as per the article.
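As an added example (not part of the original post), the Python below cross-checks the manifest's replyUrlsWithType and identifierUris against the SP metadata and builds the B2C IdP metadata URL from the tenant and policy names. The SP metadata and manifest excerpt are constructed samples with assumed values; the sample manifest deliberately carries a stray space in the reply URL, the kind of typo that silently breaks the assertion post-back.

```python
# Added example, not from the original post: cross-check the B2C app manifest
# against the SP metadata so replyUrlsWithType matches what the SP advertises.
import json
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata in the shape the test app publishes (assumed values).
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://samltestapp2.azurewebsites.net">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://samltestapp2.azurewebsites.net/SP/AssertionConsumer" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed manifest excerpt that deliberately carries a stray space in the reply URL.
MANIFEST_BAD = """{
  "identifierUris": [],
  "replyUrlsWithType": [
    {"url": "https://samltestapp2.azurewebsites.net /SP/AssertionConsumer", "type": "Web"}
  ],
  "samlMetadataUrl": "https://samltestapp2.azurewebsites.net/Metadata"
}"""

def sp_endpoints(metadata_xml):
    """Return (entityID, set of AssertionConsumerService Locations) from SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return root.get("entityID"), {acs.get("Location") for acs in root.iterfind(path, NS)}

def manifest_problems(manifest_json, metadata_xml):
    """List mismatches between the app manifest and the SP's advertised endpoints."""
    manifest = json.loads(manifest_json)
    entity_id, acs_locations = sp_endpoints(metadata_xml)
    reply_urls = {r["url"] for r in manifest.get("replyUrlsWithType", [])}
    problems = [f"replyUrl contains whitespace: {u!r}" for u in sorted(reply_urls) if " " in u]
    if not reply_urls & acs_locations:
        problems.append(f"no replyUrl matches an ACS Location in {sorted(acs_locations)}")
    ids = manifest.get("identifierUris", [])
    if ids and entity_id not in ids:
        problems.append(f"identifierUris {ids} does not include SP entityID {entity_id}")
    return problems

def idp_metadata_url(tenant, policy):
    """Build the B2C SAML IdP metadata URL for a tenant name and policy name."""
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/Samlp/metadata"
```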

For the test app, I used:

The issuer can be obtained from the metadata tab:

Running the test app and after authenticating with a B2C local account:

All good!


NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5