Azure AD B2C API Connector doesn't send X-ARR-ClientCert header

Question

Hello,

In my Azure AD B2C, I've configured such API connector:

Then, I've included this API connector in my Sign In user flow.

I've tried to create a simple Node.JS application running in Azure Container Apps, for which I chose Client certificate mode to Required in the Ingress settings:

However, it seems like when I run my user flow, my ACA doesn't even get any request. I tried switching the client certificate mode to Accept and then I receive a request, but the X-ARR-ClientCert is missing, instead I receive x-forwarded-client-cert header which contains some certificates. Sample code of my ACA:

https://gist.github.com/kubop/33964fab65c532eb50f1a008de23f647

I've also tried to use Azure App Service (containerized), without any luck as well.

Answer 1

@Jakub Pernica

Thank you for posting your query on Microsoft Q&A, seems like there is an issue while calling the endpoint.

In your code you have allowed access over HTTP:

const http = require('http');

As per Configure TLS mutual authentication for Azure App Service If you access your site over HTTP and not HTTPS, you will not receive any client certificate. So if your application requires client certificates, you should not allow requests to your application over HTTP.

Or try to follow the Node.js sample

Thanks,

Akshay Kaushik

Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.