How to sign assertion only Azure AD B2C as IdP using Custom Policy SAML

Javier Sassen 11 Reputation points
2020-02-10T10:59:14.553+00:00

I'm trying to set up Qlik Sense SSO using Azure AD B2C as SAML IdP. I followed all steps in https://learn.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers but my SP requires the assertion to be signed. Is it possible to do this using the custom policies?

Thanks in advance!


3 answers

  1. Enric 6 Reputation points
    2020-12-18T15:44:14.627+00:00

    Hi @AmanpreetSingh-MSFT

    I think AD B2C signs the response, not the assertion (as AD does).

    Theoretically, via B2C custom policies you can set the XmlSignatureAlgorithm metadata property in both the RelyingParty/TechnicalProfile (it is related to the response)

    https://learn.microsoft.com/es-es/azure/active-directory-b2c/relyingparty#metadata

    and also in the "ClaimsProvider" (it should be related to the assertion)

    https://learn.microsoft.com/es-es/azure/active-directory-b2c/saml-issuer-technical-profile#metadata

    But it looks like the assertion is never signed.

    Question: is the "SamlAssertionSigning" key in the ClaimsProvider doing something?

    By the way, the "SamlAssertionSigning" key is not mentioned in the documentation (https://learn.microsoft.com/es-es/azure/active-directory-b2c/saml-issuer-technical-profile#metadata). Has something changed?

    1 person found this answer helpful.
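To see which of the two cases discussed above a given IdP response falls into, the following added example (not from the thread or from Microsoft's documentation) reports whether the enveloped `ds:Signature` sits on the `samlp:Response`, on the `saml:Assertion`, or both, and whether each signature's `Reference` URI points at its own parent's ID. The sample XML and all function names are constructed for illustration; the script inspects structure only and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signature on the Response only, none on the Assertion.
SAMPLE_RESPONSE_ONLY = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">'
    '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_resp1"/>'
    '</ds:SignedInfo></ds:Signature>'
    '<saml:Assertion ID="_assert1"><saml:Issuer>https://idp.example/</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)

def enveloped_signature(element):
    """Return (present, reference_matches_id) for a ds:Signature that is a
    direct child of `element`. A signature nested deeper does not count."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return (False, False)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    return (True, uri == "#" + element.get("ID", ""))

def signature_layout(xml_text):
    """Report where signatures sit in a decoded SAML Response.
    Use a hardened XML parser instead of ElementTree for untrusted input."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertions = [(a.get("ID"), enveloped_signature(a))
                  for a in root.findall("saml:Assertion", NS)]
    return {"response": enveloped_signature(root), "assertions": assertions}

def assertion_signed(report):
    """True only if every assertion carries its own correctly scoped signature,
    which is what an SP that requires signed assertions expects."""
    checks = [present and scoped for _, (present, scoped) in report["assertions"]]
    return bool(checks) and all(checks)

if __name__ == "__main__":
    layout = signature_layout(SAMPLE_RESPONSE_ONLY)
    print(layout, "assertion signed:", assertion_signed(layout))
```

Feed it the base64-decoded `SAMLResponse` captured from a test sign-in; encrypted assertions are not handled.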

  2. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2020-02-10T11:46:31.883+00:00

    @Javier Sassen If you have followed all instructions mentioned in https://learn.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers, you should get signed SAML assertion only. The SAML Assertion key (highlighted below) is used for this purpose:

    [Image: 2771-untitled.png]

    -----------------------------------------------------------------------------------------------------------

    Please "Accept as answer" wherever the information provided helps you to help others in the community.


  3. Radosław Dudyk 1 Reputation point
    2020-07-24T12:51:23.753+00:00

    I have the same problem with Load Master.
    Did you resolve this problem?
