Thank you for reaching out. I understand that you are receiving the following error when trying to log in with a SAML application:
Profile 'JwtIssuer' in policy 'B2C_1A_signup_signin_saml' in tenant '.onmicrosoft.com' does not contain the required cryptographic key 'SamlMessageSigning'
A few things to check:
- Make sure you registered IdentityExperienceFramework and ProxyIdentityExperienceFramework as explained here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#register-identity-experience-framework-applications
- Make sure that the JwtIssuer profile contains the SamlMessageSigning key:
  <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
- Also make sure you have added signing and encryption keys as mentioned here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy#add-signing-and-encryption-keys
If you are still facing this issue, please share your technical profile so that I can help troubleshoot.
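
A local check for the key reference described above, as an added example that is not part of the original answer or Microsoft's code: it reads exported policy XML and reports which required key Ids a technical profile does not reference. The function names, the sample policies, the `B2C_1A_ExampleSigningKey` container name and the rule that a later policy file overrides a key with the same Id are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace used by B2C custom policy (TrustFrameworkPolicy) files.
NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}


def profile_keys(policies, profile_id):
    """Return {Key Id: StorageReferenceId} for one technical profile.

    `policies` is a list of policy XML strings ordered base -> extensions ->
    relying party. Assumption: a later file overrides a key with the same Id.
    """
    keys = {}
    for xml_text in policies:
        root = ET.fromstring(xml_text)
        for tp in root.iterfind(".//tf:TechnicalProfile", NS):
            if tp.get("Id") != profile_id:
                continue
            for key in tp.iterfind("tf:CryptographicKeys/tf:Key", NS):
                keys[key.get("Id")] = key.get("StorageReferenceId")
    return keys


def missing_keys(policies, profile_id, required):
    """List required key Ids that are absent or have no StorageReferenceId."""
    found = profile_keys(policies, profile_id)
    return [k for k in required if not found.get(k)]


# Constructed sample: a base policy whose JwtIssuer profile has one key only.
OLD_KEY = '<Key Id="issuer_secret" StorageReferenceId="B2C_1A_ExampleSigningKey"/>'
BASE = f"""<TrustFrameworkPolicy xmlns="{NS['tf']}">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <CryptographicKeys>{OLD_KEY}</CryptographicKeys>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>"""

# Constructed sample: an extensions policy that adds the key line from the answer.
EXTENSIONS = BASE.replace(
    OLD_KEY, '<Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>')

if __name__ == "__main__":
    print(missing_keys([BASE], "JwtIssuer", ["SamlMessageSigning"]))
    print(missing_keys([BASE, EXTENSIONS], "JwtIssuer", ["SamlMessageSigning"]))
```

An empty result only shows that the policy files reference the key; the key container named in `StorageReferenceId` must still exist in the tenant, as covered by the signing and encryption keys link above.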