I need to set up an Azure AD B2C application with the SAML protocol, but when trying to sign in I receive the SAML response error below: "Application registered corresponding to IssuerUri "Abc" in AuthRequest does not have assertion consumer service URL"
These are the steps I followed:
1 - created an RSA policy key called "B2C_1A_SPSAMLApp"
2 - created a new user flow for email sign-in
- user flow name - B2C_1_SAML_SIGNIN
3 - created a B2C application called "IMPSAML"
4 - uploaded TrustFrameworkBase.xml
- used the official GitHub base XML file and updated the XML tags below with the newly created policy key (GitHub source link)
- <Key Id="issuer_secret" StorageReferenceId="B2C_1A_SPSAMLApp" />
- <Key Id="issuer_refresh_token_key" StorageReferenceId="B2C_1A_SPSAMLApp" />
5 - uploaded the TrustFrameworkExtensions.xml file below
<?xml version="1.0" encoding="utf-8" ?>
<TrustFrameworkPolicy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
PolicySchemaVersion="0.3.0.0"
TenantId="abc.onmicrosoft.com"
PolicyId="B2C_1A_TrustFrameworkExtensions"
PublicPolicyUri="http://abc.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
<!-- Extensions layer: inherits B2C_1A_TrustFrameworkBase (uploaded in step 4) and adds the SAML2 issuer
     claims provider that the SP policy's SendClaims step references. -->
<BasePolicy>
<TenantId>abc.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
</BasePolicy>
<!-- Intentionally empty: no claim types, content definitions or claims transformations are overridden here. -->
<BuildingBlocks>
</BuildingBlocks>
<ClaimsProviders>
<ClaimsProvider>
<DisplayName>IMPSAML</DisplayName>
<TechnicalProfiles>
<!-- SAML2 token issuer. The SP policy's orchestration step names it via
     CpimIssuerTechnicalProfileReferenceId="IMPSAML". -->
<TechnicalProfile Id="IMPSAML">
<DisplayName>Sales Application</DisplayName>
<Protocol Name="SAML2"/>
<OutputTokenFormat>SAML2</OutputTokenFormat>
<!-- Both the assertion and the enclosing SAML message are signed with the same key container.
     NOTE(review): B2C_1A_SPSAMLApp is also what issuer_secret and issuer_refresh_token_key were pointed at in the
     base policy (step 4), so one RSA key appears to sign JWTs, refresh tokens and SAML output alike. Confirm that
     reuse is intended; a dedicated certificate for SAML signing keeps the key material of the two protocols separate
     and lets either be rotated on its own. -->
<CryptographicKeys>
<Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SPSAMLApp"/>
<Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SPSAMLApp"/>
</CryptographicKeys>
<!-- No input claims are declared for the issuer profile. -->
<InputClaims/>
<!-- SAML SSO session handling is delegated to the SM-Saml-issuer profile declared below. -->
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer"/>
</TechnicalProfile>
<!-- Session-management profile backed by the built-in SamlSSOSessionProvider handler; referenced by IMPSAML above. -->
<TechnicalProfile Id="SM-Saml-issuer">
<DisplayName>Session Management Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
</ClaimsProviders>
</TrustFrameworkPolicy>
6 - uploaded the SPSAMLAPP.xml file below for user sign-in
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
PolicySchemaVersion="0.3.0.0"
TenantId="abc.onmicrosoft.com"
PolicyId="B2C_1A_SPSAMLApp"
PublicPolicyUri="http://abc.onmicrosoft.com/B2C_1A_SPSAMLApp">
<!-- Relying-party policy for the SAML service provider. It inherits B2C_1A_TrustFrameworkExtensions, which in turn
     inherits the base policy.
     NOTE(review): PolicyId above is the same string as the policy-key container used for signing (B2C_1A_SPSAMLApp).
     They are different objects; the shared name is easy to confuse when reading error messages. -->
<BasePolicy>
<TenantId>abc.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
</BasePolicy>
<UserJourneys>
<!-- NOTE(review): the journey id reuses the user-flow name from step 2, but a custom policy does not invoke that
     user flow. The journey visible here is a single SendClaims step with no sign-in or claims-exchange step before
     it, so the email output claim may have no source; confirm against the journeys defined in the base policy. -->
<UserJourney Id="B2C_1_SAML_SIGNIN">
<OrchestrationSteps>
<!-- Final step: issue the SAML response through the IMPSAML issuer profile from the extensions policy. -->
<OrchestrationStep Order="1" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="IMPSAML">
</OrchestrationStep>
</OrchestrationSteps>
</UserJourney>
</UserJourneys>
<RelyingParty>
<DefaultUserJourney ReferenceId="B2C_1_SAML_SIGNIN" />
<TechnicalProfile Id="PolicyProfile">
<DisplayName>PolicyProfile</DisplayName>
<Protocol Name="SAML2"/>
<Metadata>
<!-- IssuerUri is the identifier B2C advertises for itself (presumably the Issuer of its own responses and metadata).
     It is not the SP's issuer: the error quotes IssuerUri "Abc" from the AuthRequest, which matches identifierUris
     in the app manifest (step 7), so the app registration is being located; what the error says is missing is the
     assertion consumer service URL for that app.
     NOTE(review): samlMetadataUrl is null in the manifest, so the ACS is inferred to be resolved from
     replyUrlsWithType; confirm the AssertionConsumerServiceURL carried in the SP's AuthnRequest exactly matches
     one of the two reply URLs listed there (scheme, host, path and trailing slash included). -->
<Item Key="IssuerUri">https://abc.b2clogin.com/abc.onmicrosoft.com/B2C_1A_SPSAMLApp</Item>
</Metadata>
<OutputClaims>
<!-- Only the email claim is released to the SP; DefaultValue="" falls back to an empty string when no value is set. -->
<OutputClaim ClaimTypeReferenceId="email" DefaultValue="" />
</OutputClaims>
<!-- NameID is the directory object identifier in persistent format; ExcludeAsClaim="true" presumably keeps it from
     being emitted a second time as an attribute. -->
<SubjectNamingInfo ClaimType="http://schemas.microsoft.com/identity/claims/objectidentifier" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" ExcludeAsClaim="true"/>
</TechnicalProfile>
</RelyingParty>
</TrustFrameworkPolicy>
7 - updated manifest.json
{
"id": "xxxxxxxxxxxxxxxxxxx",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": 2,
"addIns": [],
"allowPublicClient": null,
"appId": "xxxxxxxxxxxxxxxxxxx",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2023-07-28T07:24:33Z",
"description": null,
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [
"Abc"
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "IMPSAML",
"notes": null,
"oauth2AllowIdTokenImplicitFlow": false,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [],
"preAuthorizedApplications": [],
"publisherDomain": "abc.onmicrosoft.com",
"replyUrlsWithType": [
{
"url": "https://abc.com/api-gateway/auth-method/acs",
"type": "Web"
},
{
"url": "https://samltestapp2.azurewebsites.net/SP/AssertionConsumer",
"type": "Web"
}
],
"requiredResourceAccess": [],
"samlMetadataUrl": null,
"signInUrl": null,
"signInAudience": "AzureADMyOrg",
"tags": [],
"tokenEncryptionKeyId": null
}