SOLVED

[AADB2C] How to use a custom OpenID Connect provider created on the Portal inside a Custom Policy?

New Contributor

Hi,
I have configured a built-in policy with an OpenIdConnect provider (which is an Azure AD):
(screenshot: providers.png)

It works fine (I can connect with my account; the first time, the account is created).

Now, I have created a custom policy also with an OpenIdConnect provider with the exact same parameters (linked to the same Azure AD).

But when I test the custom policy, it creates a new account and ignores the account already created by the built-in policy. But it is the same Azure AD behind!

What I'd like to achieve is to make the custom policy use the provider created on the Azure Portal.

Do you think this is possible?
Thanks for your help :)

1 Reply
Best Response confirmed by SylvainP31 (New Contributor)
Solution

@SylvainP31 Found the answer, I posted it here: https://stackoverflow.com/questions/60494878/how-to-use-a-custom-openid-connect-provider-created-on-...

In short, the issuer was different between the 2 policies (the metadata URL was the cause).
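To show why a different metadata URL leads B2C to create a second account, here is an added example (not code from the thread or from Azure AD B2C itself). It parses two constructed OpenID Connect discovery documents shaped like Azure AD's v1 and v2.0 endpoints for one placeholder tenant, extracts the `issuer` each one advertises, and builds the issuer + subject key that an external identity is matched on. The key format and the assumption that B2C matches external accounts on exactly that pair are this example's own simplification; the tenant id and endpoint URLs are placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample data: a placeholder tenant id and two discovery documents
# mirroring the shape of Azure AD's v1 and v2.0 metadata for that tenant.
# Nothing here is fetched from the network.
TENANT = "00000000-0000-0000-0000-000000000000"

METADATA_V1 = json.dumps({
    "issuer": f"https://sts.windows.net/{TENANT}/",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
})

METADATA_V2 = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
})


def issuer_from_metadata(document: str) -> str:
    """Return the issuer advertised by a discovery document.

    A relying party must only trust an https issuer; anything else is rejected
    rather than silently used as an account key.
    """
    data = json.loads(document)
    issuer = data.get("issuer")
    if not isinstance(issuer, str) or urlparse(issuer).scheme != "https":
        raise ValueError("discovery document has no https issuer")
    return issuer


def identity_key(issuer: str, subject: str) -> str:
    """Key an external account is matched on: issuer plus the provider's
    subject id. (Assumption for this example: B2C stores the pair and looks
    the user up by both, so a changed issuer means a different identity.)"""
    return f"{issuer}|{subject}"


def same_account(metadata_a: str, metadata_b: str, subject: str) -> bool:
    """True when two policies pointed at these metadata URLs would resolve the
    same provider subject to the same stored identity."""
    key_a = identity_key(issuer_from_metadata(metadata_a), subject)
    key_b = identity_key(issuer_from_metadata(metadata_b), subject)
    return key_a == key_b


def token_issuer_matches(token_claims: dict, metadata: str) -> bool:
    """The check a policy performs on an incoming id_token: its `iss` claim
    must equal the issuer from the configured metadata, character for character."""
    return token_claims.get("iss") == issuer_from_metadata(metadata)


if __name__ == "__main__":
    subject = "example-subject-id"  # placeholder for the provider's `sub`
    print("v1 issuer :", issuer_from_metadata(METADATA_V1))
    print("v2 issuer :", issuer_from_metadata(METADATA_V2))
    print("same user across v1/v2 metadata?", same_account(METADATA_V1, METADATA_V2, subject))
    print("same user across identical metadata?", same_account(METADATA_V2, METADATA_V2, subject))
```

Running it prints two different issuers for the same tenant, so the same person signing in through a built-in policy and a custom policy that use different metadata URLs yields two distinct identity keys; pointing both policies at the same metadata URL (and therefore the same `iss`) makes the keys, and the matched account, identical. `token_issuer_matches` is the corresponding check at token validation time: an id_token whose `iss` does not equal the configured metadata's issuer must be rejected, not matched loosely.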