Need Azure AD B2C to act as an authentication bridge between SiteMinder and an application

Varadharaj, Silambarasan 0 Reputation points
2023-11-06T06:40:55.3133333+00:00

Hello Team,

As part of our use case, we are trying to configure Azure AD B2C as an authentication bridge between SiteMinder and an application.

Example: We're trying to enable federated SSO on Salesforce via Azure AD B2C, and we still want our legacy tool (SiteMinder) to do the authentication.

Users should always go through the IdP-initiated login flow.

Flow: Users -> SM -> B2C -> Salesforce

SiteMinder should do the authentication and send either a SAML or an OIDC token to B2C; B2C then has to send the SAML response to Salesforce. Here, we need B2C to act as the bridge.

Please advise.

Thanks and Regards, Silambarasan Varadharaj


1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-11-09T08:59:48.2+00:00

    Hi @Varadharaj, Silambarasan ,

    Thanks for reaching out.

    This is a complex scenario which requires a good understanding of SAML and Azure AD B2C policies.

    To achieve this flow, you can configure Azure AD B2C as a SAML identity provider (IdP) to Salesforce and as a SAML service provider (SP) to SiteMinder. Here are the high-level steps to configure this flow:

    1. Configure Azure AD B2C as a SAML IdP to Salesforce. You will need to configure Azure AD B2C to send a SAML token to Salesforce after successful authentication.
    2. Configure Azure AD B2C as a SAML SP to SiteMinder. You will need to configure SiteMinder to send a SAML token to Azure AD B2C after successful authentication.
    3. Configure Azure AD B2C to act as a bridge between SiteMinder and Salesforce. You can do this by configuring Azure AD B2C to accept the SAML token from SiteMinder, validate it, and then send a new SAML token to Salesforce.

    To configure Azure AD B2C as a bridge between SiteMinder and Salesforce, you can create a custom policy in Azure AD B2C that accepts the SAML token from SiteMinder, validates it, and then sends a new SAML token to Salesforce. You can use the SAML token issued by SiteMinder as the input claim for the custom policy. You can then use the TransformClaims element to transform the input claim into the output claim required by Salesforce. Finally, you can use the SendClaims element to send the output claim to Salesforce.

    Hope this helps.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.

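The two SAML legs the answer describes, as an added example in B2C custom-policy XML (constructed for this thread, not code from the original post or from Microsoft). It assumes placeholder values for the SiteMinder metadata URL, the key container `B2C_1A_SiteMinderSigningCert`, the Salesforce SP metadata URL, and a user journey `SiteMinderToSalesforce` that calls the `SiteMinder-SAML2` profile and then the `Saml2AssertionIssuer` token issuer; the claim mapping is done with the schema's `OutputClaims` and `OutputClaimsTransformations` elements.

```xml
<!-- Constructed fragments for a B2C custom policy (e.g. TrustFrameworkExtensions.xml); all URLs and key names are placeholders. -->
<!-- 1. SiteMinder as a SAML IdP: on this leg B2C is the SAML service provider. -->
<ClaimsProvider>
  <Domain>siteminder.example.com</Domain>
  <DisplayName>SiteMinder</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SiteMinder-SAML2">
      <DisplayName>SiteMinder</DisplayName>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- SiteMinder's federation metadata; B2C takes the entityID and signing certificate from it -->
        <Item Key="PartnerEntity">https://siteminder.example.com/affwebservices/saml2/metadata</Item>
        <!-- Reject unsigned assertions and responses: the bridge must only relay what SiteMinder vouched for -->
        <Item Key="WantsSignedAssertions">true</Item>
        <Item Key="ResponsesSigned">true</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SiteMinderSigningCert" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- The assertion's NameID becomes the federated user id; SAML attributes map onto B2C claims -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="assertionSubjectName" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="mail" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="siteminder" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
<!-- 2. Salesforce as the SAML relying party: on this leg B2C is the SAML IdP and issues a new assertion. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SiteMinderToSalesforce" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2" />
    <Metadata>
      <!-- Salesforce SP metadata: its entityID, ACS URL and, if used, encryption certificate -->
      <Item Key="PartnerEntity">https://login.salesforce.com/PLACEHOLDER-sp-metadata</Item>
    </Metadata>
    <OutputClaims>
      <!-- Only the claims Salesforce needs leave the bridge -->
      <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="email" ExcludeAsClaim="true" />
  </TechnicalProfile>
</RelyingParty>
```

Because the journey starts at SiteMinder rather than at Salesforce, both SAML legs run unsolicited: check the B2C SAML technical-profile references for the IdP-initiated settings on each side, which this fragment does not set.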
