0 Votes
palayathar asked amanpreetsingh-msft edited

B2C Issuer Claim URL with Policy ID

Good Morning Team

I have created a B2C tenant and used built-in and custom policy to authenticate consumer users to Dynamics 365 web portal.

Built-in user flow while accessing Dynamics 365 portal app is working fine and it has the following issuer url

https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/b2c_1_signin/v2.0/

However, the flow using custom policy shows an error [Unable to retrieve document from: '[PII is hidden]'.] that is pointing towards issuer uri. The issuer uri for this custom policy is
https://<mytenantname>.b2clogin.com/<TENANTID>/v2.0/

I understand that the Issuer (iss) claim property identifies the Azure AD B2C tenant that issued the token. The default value is https://<domain>/{B2C tenant GUID}/v2.0/. However, the value of https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/ includes IDs for both the Azure AD B2C tenant and the user flow that was used in the token request.

It seems that Dynamics 365 portal apps require this format: https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/. How would I change the custom policy so that the issuer URI will be in the above format, with the Policy ID in it?


Thanks

azure-ad-b2c

1 Answer

1 Vote
amanpreetsingh-msft answered amanpreetsingh-msft edited

Hi @palayathar · Thank you for reaching out.

In order to get the value of the Issuer claim in the https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/b2c_1_signin/v2.0/ format, you need to add the below metadata key to the <TechnicalProfile Id="JwtIssuer">, which is by default in the trustframeworkbase file.

<Item Key="IssuanceClaimPattern">AuthorityWithTfp</Item>

[Image: 83105-image.png]

Below is what the Issuer claim in the token looks like afterwards:

[Image: 83116-image.png]

When this key is not added, the default value taken is AuthorityAndTenantGuid, which is why tfp and the policy names are not included in the issuer claim.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
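
As an added example (not part of the original answer and not Microsoft's code): a Python check that reads a policy file, reports which IssuanceClaimPattern the JwtIssuer profile will use, and builds the issuer string to compare with what the relying application expects. The function names, the sample policy and the tenant values are constructed, and the check inspects a single file without resolving policy inheritance.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_PATTERN = "AuthorityAndTenantGuid"  # used when the key is absent

# Constructed sample: a trimmed policy file containing only the JwtIssuer profile.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <Metadata>
        <Item Key="IssuanceClaimPattern">AuthorityWithTfp</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

def _local(tag):
    """Strip the XML namespace so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def issuance_pattern(policy_xml, profile_id="JwtIssuer"):
    """Return the IssuanceClaimPattern set on the token issuer profile."""
    root = ET.fromstring(policy_xml)  # policy files are trusted local input
    for tp in root.iter():
        if _local(tp.tag) == "TechnicalProfile" and tp.get("Id") == profile_id:
            for item in tp.iter():
                if _local(item.tag) == "Item" and item.get("Key") == "IssuanceClaimPattern":
                    return (item.text or "").strip()
            return DEFAULT_PATTERN
    raise ValueError(f"TechnicalProfile {profile_id!r} not found in this file")

def expected_issuer(pattern, domain, tenant_guid, policy_id):
    """Build the iss value for the two formats described in the question."""
    if pattern == "AuthorityWithTfp":
        return f"https://{domain}/tfp/{tenant_guid}/{policy_id}/v2.0/"
    if pattern == "AuthorityAndTenantGuid":
        return f"https://{domain}/{tenant_guid}/v2.0/"
    raise ValueError(f"unhandled IssuanceClaimPattern: {pattern!r}")

def classify_issuer(iss):
    """Map an observed iss value back to (pattern, policy_id)."""
    m = re.fullmatch(r"https://[^/]+/tfp/[^/]+/([^/]+)/v2\.0/", iss)
    if m:
        return "AuthorityWithTfp", m.group(1)
    if re.fullmatch(r"https://[^/]+/(?!tfp/)[^/]+/v2\.0/", iss):
        return "AuthorityAndTenantGuid", None
    return None, None

if __name__ == "__main__":
    pattern = issuance_pattern(SAMPLE_POLICY)
    # Placeholder tenant values, not real identifiers.
    print(expected_issuer(pattern, "contoso.b2clogin.com",
                          "00000000-0000-0000-0000-000000000000", "b2c_1a_signin"))
```
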

