Azure AD B2C SAML Response encoding issue

DisplayName-3010 131 Reputation points

Hi everyone,

If I create a user with a name which does have characters which need to be encoded correctly in the name or other attributes it is not correctly added to the SAML response, or not shown correctly by the test web application, the problem is with the surname, in this case containing an "ö".

    <saml:AttributeValue xsi:type="xs:string">John</saml:AttributeValue>  
<saml:Attribute Name="" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname">  
    <saml:AttributeValue xsi:type="xs:string">Te??st</saml:AttributeValue>  
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Email Address">  
    <saml:AttributeValue xsi:type="xs:string"></saml:AttributeValue>  

For OpenID Connect it works as expected:

"exp": 1652178625,
"nbf": 1652175025,
"ver": "1.0",
"iss": "****",
"sub": "****",
"aud": "****",
"acr": "b2c_1a_signin",
"nonce": "defaultNonce",
"iat": 1652175025,
"auth_time": 1652175025,
"email": "john.doe@tiedtlaw email .com",
"name": "john.doe@tiedtlaw email .com",
"given_name": "John",
"family_name": "Teöstr",
"tid": "***"

Is this just a miss configuration, a bug or a missing feature?

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,773 questions
{count} votes

2 answers

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,506 Reputation points

    Hi @DisplayName-3010 • I worked with the product team on this issue and they confirmed it as a bug. A work item is added for them to fix this issue. As of now, I don't have an ETA from their side. I will keep an eye on the progress and will post an update on this thread once the fix is released.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. DisplayName-3010 131 Reputation points

    Issue is in the test application not with Azure AD B2C. SAML is encoded correctly in the base64 encoded SAML response, but the Microsoft Test web application does not decode it correctly

    0 comments No comments