Hi @Derosier, Conner R,
I have reached out to the B2C team for a description of the error itself since it doesn't appear to be documented, but in the meantime wanted to provide the following troubleshooting steps:
1) I have seen this issue when there is a combination of inflation + decryption of the SAML assertions. If the SAML SP application is requiring the response to be inflated and B2C is sending Deflated SAML, you may face this issue. If the issue does not persist after disabling SAML assertion encryption, this could very well be the problem.
B2C will always send base64-encoded, deflated SAML responses. The app would need to base64-decode and SAML-inflate the response.
Is the app providing a specific error about the format the SAML Response is in? (Inflated vs Deflated)
Does the app not support base64 decoding / SAML inflation? If not, then this would be a limitation of the app that would need to be investigated.
2) If you want to use AAD B2C as the IdP, normally you should create a signing certificate in B2C (with private key) for the SAML response. You could refer to this document and check the certificate and key being used on both the B2C and app side.
For Azure AD B2C to accept a .pfx file password, the password must be encrypted with the TripleDES-SHA1 option in the Windows Certificate Store Export utility, as opposed to AES256-SHA256.
Let me know if this applies to your situation. I've also reached out to the B2C team to collect more details around this error and will post back with the details.
-
If the information provided helped isolate your issue, please Accept the answer. This will help us as well as others in the community who might be researching similar information.
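The two checks in the answer above (is the response base64-only or base64 + DEFLATE, and is the assertion encrypted) can be run on a captured SAMLResponse value before looking at the application's logs. The following script is an added example for that purpose; it is not code from the answer, from the original poster, or from Azure AD B2C. It assumes the encoding the answer describes (raw DEFLATE, then base64) and uses two constructed SAML Response documents as sample input, so it runs offline; it does not decrypt anything, it only reports which form the response arrived in and how many plain versus encrypted assertions it carries.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC_NS = "http://www.w3.org/2001/04/xmlenc#"

# Constructed sample responses (not real B2C output; placeholder IDs and issuer).
SAMPLE_PLAIN = (
    f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
    'ID="_resp-placeholder" Version="2.0">'
    '<saml:Assertion ID="_assert-placeholder" Version="2.0">'
    '<saml:Issuer>https://idp.example.invalid/</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_ENCRYPTED = (
    f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
    f'xmlns:xenc="{XENC_NS}" ID="_resp-placeholder" Version="2.0">'
    '<saml:EncryptedAssertion><xenc:EncryptedData>'
    '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>'
)


def encode_deflated(xml_text: str) -> str:
    """Encode the way the answer describes B2C's output: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw DEFLATE, no zlib header
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def encode_plain(xml_text: str) -> str:
    """Encode as base64 only (what an app expecting an 'inflated' response would accept)."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def decode_saml_response(encoded: str) -> tuple[str, bool]:
    """Return (xml_text, was_deflated).

    A base64-only response decodes straight to XML and so starts with '<'.
    A raw DEFLATE stream with BFINAL set has an odd first byte, so it can
    never start with '<' (0x3c); anything not starting with '<' is inflated.
    """
    raw = base64.b64decode(encoded)
    if raw.lstrip().startswith(b"<"):
        return raw.decode("utf-8"), False
    # zlib.error is raised here if the bytes are neither XML nor raw DEFLATE
    return zlib.decompress(raw, -15).decode("utf-8"), True


def inspect_response(encoded: str) -> dict:
    """Report the wire format and the plain/encrypted assertion counts."""
    xml_text, was_deflated = decode_saml_response(encoded)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError(f"not a samlp:Response root element: {root.tag}")
    plain = root.findall(f"{{{SAML_NS}}}Assertion")
    encrypted = root.findall(f"{{{SAML_NS}}}EncryptedAssertion")
    return {
        "deflated": was_deflated,
        "plain_assertions": len(plain),
        "encrypted_assertions": len(encrypted),
    }


if __name__ == "__main__":
    for label, sample in (("deflated/plain", encode_deflated(SAMPLE_PLAIN)),
                          ("base64-only/plain", encode_plain(SAMPLE_PLAIN)),
                          ("deflated/encrypted", encode_deflated(SAMPLE_ENCRYPTED))):
        print(label, inspect_response(sample))
```

To use it on a real capture, paste the SAMLResponse form field or query value into `inspect_response`; a `zlib.error` means the value is neither base64-only XML nor base64 + raw DEFLATE, which points at a different encoding problem than the one described in the answer. A result with `encrypted_assertions` of 1 and `plain_assertions` of 0 is the case to retest with assertion encryption disabled.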