Forum Discussion

Deleted
Oct 30, 2017

Azure B2C as a Claims Provider to ADFS 2016 to use with federated partners

Hi,

A bit of an interesting use case here: we're looking at leveraging an Azure B2C directory as another claims provider in ADFS 2016 to access a federated party's resources over a federation trust set up with their ADFS system.

I've been checking on resources and there's nothing yet that I've found that can help configure this, if it's at all possible, which I'm still trying to validate. I could use an Identity Server v3 or 4 to do the job, but with ADFS 2016 and OpenID Connect support I was hoping we could leverage our existing infrastructure.

A tricky one, and hopefully someone's run into something similar before. Thanks.

  • RoryB
    Copper Contributor

    ADFS 4.0 only has OpenID Connect downstream, not upstream, so this can't be done natively.

    You can use a bridge, e.g. idsrv or Auth0.

    Just FYI: With the new custom policies in B2C, you can add OIDC or SAML support to hook up ADFS.
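    The SAML route mentioned above, seen from the AD FS side: an added example (not code from this thread or from Microsoft) that registers a B2C custom-policy SAML issuer as a claims provider trust in AD FS 2016, restricts which claims cross the trust, and offers it for home-realm discovery on the partner relying party trust. The tenant name, policy name, metadata URL format and trust names are assumptions.

```powershell
# Added example, not from the thread. Assumes a B2C tenant "contosob2c" whose
# custom policy "B2C_1A_signup_signin_saml" acts as a SAML 2.0 issuer, and that
# the metadata URL below is the form B2C publishes for that policy (assumption).
$tenant   = "contosob2c"
$policy   = "B2C_1A_signup_signin_saml"
$metadata = "https://$tenant.b2clogin.com/$tenant.onmicrosoft.com/$policy/Samlp/metadata"

# Register B2C as a claims provider trust. Pulling the signing certificate and
# endpoints from federation metadata avoids hand-typing them and lets AD FS
# pick up certificate rollover later.
Add-AdfsClaimsProviderTrust -Name "Azure AD B2C" -MetadataUrl $metadata

# Acceptance transform rules are the allow-list for this trust: only the claims
# named here are accepted from B2C, everything else it issues is dropped, and a
# constant claim records which provider the identity came from so downstream
# relying parties can tell B2C users apart from domain users.
$rules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through name identifier"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through email"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);

@RuleName = "Tag identities from B2C"
=> issue(Type = "http://contoso.example/claims/idp", Value = "AzureADB2C");
'@
Set-AdfsClaimsProviderTrust -TargetName "Azure AD B2C" -AcceptanceTransformRules $rules

# Check: the trust should now carry B2C's token-signing certificate and a
# SAML endpoint; if either is missing the metadata URL or policy is wrong.
Get-AdfsClaimsProviderTrust -Name "Azure AD B2C" |
    Select-Object Name, Identifier, MetadataUrl, TokenSigningCertificates, SamlEndpoints

# Offer B2C (alongside AD) on the relying party trust for the partner's ADFS
# (trust name "Partner ADFS" is an assumption) so users can choose it at sign-in.
Set-AdfsRelyingPartyTrust -TargetName "Partner ADFS" `
    -ClaimsProviderName @("Azure AD B2C", "Active Directory")
```

    The partner's ADFS still only sees claims issued by your ADFS, so the acceptance rules above are the place to decide what about a B2C user is ever exposed to them.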

     

  • Are you setting SharePoint or a general web app as the relying party?

    I am interested in your use case with Azure AD B2C. I tried Azure AD with ADFS 2016 against SharePoint, but this wouldn't work as Azure AD currently doesn't support SAML 1.1, which SP needs. I hear this may be supported in AAD in the future. In the future, I want to try B2C, as this would be great for external collaboration scenarios.

    I have actually tried and been quite successful with Auth0 as the SSO broker. But you obviously have to pay considerably.
