Azure B2C oidc authentication with SPSE failed


My AuthorizationEndpoint is defined in SP as

 
But when SP redirects, it drops the p=b2c_1a_signup_signin and just has ?client_id=xxx...
Resulting in 404
 
I'm using custom Exp Framework in B2C so I can specify known x5c certificate for which the .cer is added to SP
 
Has anyone else got this to work?
Think I found my problem, should be using OpenID connect format, not OAuth2. Very subtle difference where the flow name goes.
GET https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?
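The difference between the two request shapes, as an added example that is not code from the thread or from SharePoint: the OAuth2-style form carries the policy as the `p` query parameter, while the OIDC-style form carries it as a path segment. The `build_naive` function models a client that keeps only scheme, host and path of the configured endpoint and attaches its own query string, which is an assumption about the behaviour described in the first post; `build_merged` shows the alternative that preserves a pre-existing query. Tenant, policy, client id and redirect URI are constructed placeholder values.

```python
# Added example: where the B2C policy name lives in an authorize request,
# and why a client that rebuilds the query string loses a query-based policy.
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Constructed placeholder values (not from the thread).
TENANT = "contoso"
POLICY = "b2c_1a_signup_signin"
KNOWN_POLICIES = {POLICY}

# OAuth2-style: policy selected by the 'p' query parameter.
OAUTH2_STYLE = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com"
                f"/oauth2/v2.0/authorize?p={POLICY}")
# OIDC-style: policy is a path segment, so it survives any query rewriting.
OIDC_STYLE = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com"
              f"/{POLICY}/oauth2/v2.0/authorize")

# Parameters an OIDC relying party would add itself (constructed values).
RP_PARAMS = {
    "client_id": "00000000-0000-0000-0000-000000000000",
    "response_type": "id_token",
    "redirect_uri": "https://sp.example.com/",
    "scope": "openid",
    "nonce": "n-1",
}


def build_naive(endpoint: str, params: dict) -> str:
    """Assumed model of a client that keeps scheme/host/path of the configured
    endpoint and replaces the query string with its own parameters."""
    parts = urlsplit(endpoint)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(params), ""))


def build_merged(endpoint: str, params: dict) -> str:
    """Preserve any query already present on the endpoint, then add our own."""
    parts = urlsplit(endpoint)
    merged = dict(parse_qsl(parts.query, keep_blank_values=True))
    merged.update(params)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(merged), ""))


def policy_in_request(url: str):
    """Return the policy a request selects, or None if none is present.
    Simplified model: a known policy name in the path wins, otherwise 'p'."""
    parts = urlsplit(url)
    for segment in parts.path.split("/"):
        if segment.lower() in KNOWN_POLICIES:
            return segment.lower()
    value = dict(parse_qsl(parts.query)).get("p")
    return value.lower() if value else None


if __name__ == "__main__":
    for label, url in [("naive/oauth2", build_naive(OAUTH2_STYLE, RP_PARAMS)),
                       ("merged/oauth2", build_merged(OAUTH2_STYLE, RP_PARAMS)),
                       ("naive/oidc", build_naive(OIDC_STYLE, RP_PARAMS))]:
        print(f"{label:14} policy={policy_in_request(url)}")
```

Running it shows the naive builder yields no policy for the OAuth2-style endpoint (the request B2C would answer with a 404) but keeps the policy for the OIDC-style endpoint, which is the subtle difference the reply refers to.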
Thank you Ian for trying on OIDC in SPSE. Good to know that you sorted out the problem.
Please let us know if you have further problem or suggestion regarding SharePoint Server authentication.
Hmmm, still didn't work because SharePoint adds ?Source=/ to the redirect_uri which B2C apps don't allow (Azure AD does allow and sample guide for configuring OIDC in Azure AD shows modifying the manifest to allow /* which is blocked in B2C).
URL Rewrite to the rescue. Handling the Password Reset flow from B2C is a little more tricky.

@Ian_Morrish Is there any more detail about the error you are facing? 

The detail of your configurations and also the ULS Log?

 

Steve

See Case #:30122271
It is not an error, just incompatibility.
SharePoint will always append the ?source= to the OIDC redirect_uri value.
This also happens on session timeout and then SharePoint adds the relative path for the page the user is requesting to the source value.

B2C doesn't allow any parameter in the uri_redirect. It supports state or custom parameters for this. https://docs.microsoft.com/en-us/azure/active-directory-b2c/openid-connect

SharePoint team could resolve this as I don't think B2C team will allow URL parameters.
SP would need to have the option to do either:
append the source value just as a bookmark ( #relativpathForSPpage ) or implement a Source custom parameter.
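To make the incompatibility concrete, here is an added example (not code from the thread, from SharePoint or from B2C) of the two halves of the post above: an exact-match redirect_uri check of the kind the post attributes to B2C, which rejects a value that gained a ?Source= query, and a `state` parameter that carries the site-relative return path instead, integrity-protected with an HMAC so the relying party can trust it on the way back. The registered redirect URI, the key handling and the `/sites/...` paths are constructed assumptions; a real relying party would also bind `state` to the user's session.

```python
# Added example: exact-match redirect_uri validation, and carrying the
# SharePoint "Source" return path in the OIDC state parameter instead.
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlsplit

# Constructed: the single reply URL registered for the app in B2C.
REGISTERED_REDIRECT_URIS = {"https://sp.example.com/"}

# Constructed: per-process key. A real deployment keeps this in protected
# configuration and rotates it (assumption, not from the thread).
STATE_KEY = secrets.token_bytes(32)


def redirect_uri_allowed(candidate: str) -> bool:
    """Exact string match against the registered set. Any query string,
    such as the ?Source=/ SharePoint appends, makes it a different URI."""
    return candidate in REGISTERED_REDIRECT_URIS and urlsplit(candidate).query == ""


def make_state(source_path: str, key: bytes = STATE_KEY) -> str:
    """Pack a site-relative return path plus a random nonce into state,
    with an HMAC-SHA256 tag so it cannot be altered in transit."""
    # Only a site-relative path is accepted: this blocks absolute URLs and
    # protocol-relative //host values that would turn the return into an
    # open redirect.
    if not source_path.startswith("/") or source_path.startswith("//"):
        raise ValueError("source must be a site-relative path")
    payload = json.dumps(
        {"n": secrets.token_urlsafe(16), "src": source_path},
        separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode().rstrip("=")


def read_state(state: str, key: bytes = STATE_KEY):
    """Verify the tag and return the return path, or None if it was tampered
    with or signed under a different key."""
    raw = base64.urlsafe_b64decode(state + "=" * (-len(state) % 4))
    payload, tag = raw[:-32], raw[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(payload)["src"]


if __name__ == "__main__":
    print(redirect_uri_allowed("https://sp.example.com/"))            # True
    print(redirect_uri_allowed("https://sp.example.com/?Source=/"))   # False
    st = make_state("/sites/hr/default.aspx")
    print(read_state(st))                                             # /sites/hr/default.aspx
```

The post's bookmark alternative (a `#fragment` on the redirect_uri) never reaches B2C at all because fragments are not sent to the server, which is why it would also pass an exact-match check; the `state` route shown here is the one the linked B2C documentation describes as supported.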
Hi Ian,

I got you. We haven't validated with Azure B2C OIDC. We will take a look.

Steve
Hi Steve, any progress on this?
Could you please try again? I remember we fixed it if my memory is fresh.