Azure AD B2C SAML Custom Policy Certificate Error

Aman Thakur 1 Reputation point
2020-08-17T16:33:13.333+00:00

Hi Guys,

I am having a hard time accessing the Custom Policy that I have hosted on Azure B2C. I am able to generate the metadata for the policy successfully.

I am using SAML2 protocol.

But when my application tries to redirect towards the custom user flow, it throws the certificate error below:

System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=ITMS.TechMDE.onmicrosoft.com is not in the trusted people store. The X.509 certificate CN=ITMS.TechMDE.onmicrosoft.com chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Any suggestions or help would be appreciated.

Thanks

Regards


1 answer

  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2020-08-18T08:35:54.54+00:00

    Hello @Aman Thakur, are you following the instructions mentioned here: Register a SAML application in Azure AD B2C? Have you uploaded the certificate to Azure AD B2C > Identity Experience Framework > Policy keys, as mentioned under the "1.2 Upload the certificate" section?

    Also, make sure that the technical profile for SAML in the custom policy files is updated with the correct key container name under which you have uploaded the certificate.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
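
As an added illustration of the check described in the answer (this is not code from the question, the answer, or Microsoft's own policy files), the following is the shape of the SAML token issuer technical profile in a B2C custom policy whose `CryptographicKeys` entries point at the uploaded policy key. The key container name `B2C_1A_SamlIdpCert`, the policy name `B2C_1A_signup_signin_saml` and the `{tenant}` placeholder are assumptions; each `StorageReferenceId` must match an entry that actually exists under Identity Experience Framework > Policy keys, otherwise the policy cannot sign the metadata, assertion or message with the certificate the relying party was given.

```xml
<!-- Added example of a SAML token issuer technical profile for a B2C custom policy.
     Not taken from this thread. Assumptions: the policy key container is named
     B2C_1A_SamlIdpCert, the relying-party policy is B2C_1A_signup_signin_saml,
     and {tenant} stands for the tenant name. Replace them with your own values. -->
<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Saml2AssertionIssuer">
      <DisplayName>Token Issuer</DisplayName>
      <Protocol Name="SAML2" />
      <OutputTokenFormat>SAML2</OutputTokenFormat>
      <Metadata>
        <!-- The issuer value the relying party expects to see in the assertion;
             {tenant} is a placeholder, not a real tenant name. -->
        <Item Key="IssuerUri">https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/B2C_1A_signup_signin_saml</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Every StorageReferenceId below must name an existing policy key
             (the PFX uploaded under Identity Experience Framework > Policy keys).
             A mismatch here is one reason the relying party ends up validating
             a certificate it does not trust. -->
        <Key Id="MetadataSigning" StorageReferenceId="B2C_1A_SamlIdpCert" />
        <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlIdpCert" />
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert" />
      </CryptographicKeys>
      <InputClaims />
      <OutputClaims />
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

The relying-party side of the error in the question is worth checking at the same time: `System.IdentityModel` validates the signing certificate against the Windows trust stores, so if the certificate referenced by the policy key is self-signed it has to be trusted explicitly by the application (the error message names the Trusted People store and the `certificateValidationMode` setting as the two levers). Comparing the thumbprint of the certificate exported from the policy key with the thumbprint of the certificate embedded in the generated metadata, and with the one the application trusts, confirms that all three are the same certificate.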