This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPN%3C/text%3E%3C/svg%3E)
Hi,
Wanted to know what and all should be in place on AD B2C instance before we start configuring the AD B2C with any external application for SSO using SAML. Basically after procuring of the new AD B2C instance, what configurations should be in place on AD B2C for SSO.
@Prashant N
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hi @Prashant N • Thank you for reaching out. Please find below the steps that you need to perform and the detailed documentation for step by step walkthrough.
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/Samlp/metadata. For step-by-step instructions and a detailed walkthrough of these steps, please refer to Register a SAML application in Azure AD B2C.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks
We followed the steps what you have described here but getting the following error when we tried to integrate with eCommerce application for login authentication with AD B2C. Any pointers?
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester" />
<samlp:StatusMessage>The request exceeds the allowable time to live.</samlp:StatusMessage>
<samlp:StatusDetail>
<IsPolicySpecificError>false</IsPolicySpecificError>
</samlp:StatusDetail>
</samlp:Status>
@Prashant N · Have you Collected Azure Active Directory B2C logs with Application Insights to get more details about the error? I suspect that this is due to the time difference (clock skew) between the application sending the SAML request and B2C. Make sure there are no more than ±5 minutes of difference.
Again, App Insights may provide more details about the problem.
Not yet, have asked customer to collect the logs
Can you confirm the option how to register SP Entity ID metadata and its ACS URL in AD B2C for SAML? suspecting issue could be with these settings/configurations.
Thanks
hello,
Issue is resolved, Thanks for the support.
Is there a way to generate the JWT Token as part of return URL from AD B2C after the successful authentication from AD B2C using SAML.
@Prashant N · Thanks for the update. Not sure about the entire setup, but if you have federated SAML based IDP with B2C and B2C issues JWT to the application, you need to make sure that the authentication request from the Application includes response_mode parameter and should be either set to query or fragment.
Response_mode parameter specifies the method that should be used to send the resulting token back to your app. Can be one of the following:
query provides the code as a query string parameter on your redirect URI. If you're requesting an ID token using the implicit flow, you can't use query as specified in the OpenID spec. If you're requesting just the code, you can use query, fragment, or form_post. form_post executes a POST containing the code to your redirect URI.
Please check below request to understand how the request with this parameter looks like:
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@Prashant N · Just checking if you had a chance to test it out. If the issue is resolved, kindly "Accept the answer" to help others in the community as well.