oauth 2.0 - How To Add Query Params in ADB2C to ADB2C Federated Authentication Using OIDC protocol - Stack Overflow

I'm trying to Federate from one ADB2C tenant to another ADB2C tenant.

I'm following the doc:

https://learn.microsoft/en-us/azure/active-directory-b2c/identity-provider-azure-ad-b2c?pivots=b2c-custom-policy

The identity provider tenant has a restriction that the authorization endpoint will work only if the authorization endpoint contains a list of specific query parameters. However, since the authorize endpoint is self constructed in ADB2C using Well-known openid config, I'm not sure how I would be able to add the query params to the authorize endpoint.

I tried to add the query params as Item Key as follows which isn't working:

I also tried to add the query params directly to Metadata which says incorrect xml format. Example:

Both of the above approaches aren't working. I'm thinking of using OAuth2 Protocol provider and test if I could do something with it. But I doubt that's even possible. Does anyone else have a solution for this?

asked Mar 10 at 16:00 by TheGreatApe
  • Can you use the "state" parameter? It can be a string of any content. Please see this link for more info: learn.microsoft/en-us/azure/active-directory-b2c/… – SoftwareDveloper, commented Mar 10 at 17:49

1 Answer

You can add additional query string parameters to the /authorize request by adding them as additional input parameters to the OpenID Connect technical profile:

<InputClaims>
  <InputClaim ClaimTypeReferenceId="domain_hint" DefaultValue="contoso" />
</InputClaims>

You can do the usual InputClaims things of mapping to claims that already have values or setting the name of the query string parameter as something separate to the name of the claim:

<!-- domainHint has been pre-populated, e.g. based on user's email domain -->
<InputClaims>
  <InputClaim ClaimTypeReferenceId="domainHint" PartnerClaimType="domain_hint" />
</InputClaims>

Your metadata XML issue is something slightly separate. There you need to escape the ampersands:

<Item Key="METADATA">{base-path}/.well-known/openid-configuration?query_1=value&amp;query2=value&amp;query_3=value</Item>

Though unless you need to pass fixed query string parameters to the OIDC metadata endpoint there's no need to do that at all.
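
A pre-upload check for the two points in the answer above, added here as an example (not code from the answer or from Azure AD B2C): it confirms that the METADATA item only parses once the ampersands are escaped, and it models which query parameters the InputClaims would contribute to the /authorize request. The host idp.example, the profile Id, the query_1 input claim and the claims_bag argument are assumptions made for illustration; the mapping function is a model of what the answer describes, not B2C's implementation.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode
from xml.sax.saxutils import escape

# Constructed sample value: idp.example stands in for the identity provider's base path.
RAW_METADATA_URL = "https://idp.example/.well-known/openid-configuration?query_1=value&query2=value"

# Constructed technical profile fragment; Id and the query_1 claim are hypothetical.
PROFILE_TEMPLATE = """<TechnicalProfile Id="Example-OIDC">
  <Metadata>
    <Item Key="METADATA">{metadata}</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="query_1" DefaultValue="value" />
    <InputClaim ClaimTypeReferenceId="domainHint" PartnerClaimType="domain_hint" />
  </InputClaims>
</TechnicalProfile>"""


def parse_profile(metadata_url, escape_value=True):
    """Return the parsed profile, or None when the XML is not well-formed."""
    value = escape(metadata_url) if escape_value else metadata_url
    try:
        return ET.fromstring(PROFILE_TEMPLATE.format(metadata=value))
    except ET.ParseError:
        return None


def metadata_url(profile):
    """The METADATA value as the XML parser sees it (entities already decoded)."""
    return profile.find("./Metadata/Item[@Key='METADATA']").text


def extra_query_params(profile, claims_bag):
    """Model: one query parameter per InputClaim that has a value."""
    params = {}
    for claim in profile.iter("InputClaim"):
        ref = claim.get("ClaimTypeReferenceId")
        name = claim.get("PartnerClaimType", ref)   # parameter name sent to the IdP
        value = claims_bag.get(ref, claim.get("DefaultValue"))
        if value is not None:                       # this model skips claims with no value
            params[name] = value
    return params


if __name__ == "__main__":
    print(parse_profile(RAW_METADATA_URL, escape_value=False))  # raw '&' is rejected
    profile = parse_profile(RAW_METADATA_URL)
    print(metadata_url(profile))
    print(urlencode(extra_query_params(profile, {"domainHint": "contoso"})))
```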
