User Profile
haelshab
Former Employee
Joined 6 years ago
Recent Discussions
Re: does B2C custom policy supports self_signed_tls_client_auth for token_endpoint_auth_methods?
vshiyani yes, this feature is in public preview. Customer can choose to set the following metadata parameters:

- “token_endpoint_auth_method” metadata parameter to “private_key_jwt”.
- “token_signing_algorithm” metadata parameter to “RS256” or “RS512”

And then supply the following cryptographic key: assertion_signing_key

So the resulting Technical Profile would look something like this:

<TechnicalProfile Id="MSA-OIDC">
  <DisplayName>Microsoft Account</DisplayName>
  <Protocol Name="OpenIdConnect" />
  <Metadata>
    <Item Key="ProviderName">https://login.live.com</Item>
    <Item Key="METADATA">https://login.live.com/.well-known/openid-configuration</Item>
    <Item Key="response_types">code</Item>
    <Item Key="response_mode">form_post</Item>
    <Item Key="scope">openid profile email</Item>
    <Item Key="HttpBinding">POST</Item>
    <Item Key="UsePolicyInRedirectUri">false</Item>
    <Item Key="client_id">Your Microsoft application client ID</Item>
    <Item Key="token_endpoint_auth_method">private_key_jwt</Item>
    <Item Key="token_signing_algorithm">RS256</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="assertion_signing_key" StorageReferenceId="B2C_1A_OIDCAssertionSigningKey" />
  </CryptographicKeys>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="domain_hint" DefaultValue="contoso.com" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="live.com" />
    <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
    <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
    <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
    <OutputClaim ClaimTypeReferenceId="email" />
  </OutputClaims>
</TechnicalProfile>

Needless to say, you also need to create a Key named OIDCAssertionSigningKey in IEF Policy Keys and make sure you use the corresponding algorithm.
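A pre-upload check for the settings described in the reply above, as an added example that is not part of the original post or of any Microsoft tooling: it parses a technical profile and reports when `private_key_jwt` is selected without an allowed signing algorithm or without an `assertion_signing_key` reference. The function name `check_profile` and the trimmed sample profile are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ALLOWED_ALGS = {"RS256", "RS512"}  # the two values named in the post

# Constructed sample: a trimmed copy of the profile shown in the post.
SAMPLE = """<TechnicalProfile Id="MSA-OIDC">
  <Protocol Name="OpenIdConnect" />
  <Metadata>
    <Item Key="client_id">Your Microsoft application client ID</Item>
    <Item Key="token_endpoint_auth_method">private_key_jwt</Item>
    <Item Key="token_signing_algorithm">RS256</Item>
  </Metadata>
  <CryptographicKeys>
    <Key Id="assertion_signing_key" StorageReferenceId="B2C_1A_OIDCAssertionSigningKey" />
  </CryptographicKeys>
</TechnicalProfile>"""


def local(tag):
    """Strip an XML namespace, since full policy files declare one."""
    return tag.rsplit("}", 1)[-1]


def check_profile(xml_text):
    """Return a list of problems with the private_key_jwt settings."""
    root = ET.fromstring(xml_text)
    meta = {e.get("Key"): (e.text or "").strip()
            for e in root.iter() if local(e.tag) == "Item"}
    keys = {e.get("Id"): e.get("StorageReferenceId", "")
            for e in root.iter() if local(e.tag) == "Key"}
    problems = []
    if meta.get("token_endpoint_auth_method") != "private_key_jwt":
        return problems  # profile does not use this method; nothing to check
    alg = meta.get("token_signing_algorithm")
    if alg not in ALLOWED_ALGS:
        problems.append(f"token_signing_algorithm is {alg!r}, expected RS256 or RS512")
    ref = keys.get("assertion_signing_key")
    if ref is None:
        problems.append("no assertion_signing_key under CryptographicKeys")
    elif not ref.startswith("B2C_1A_") or ref == "B2C_1A_":
        problems.append(f"StorageReferenceId {ref!r} is not a B2C_1A_ policy key name")
    return problems


if __name__ == "__main__":
    print(check_profile(SAMPLE) or "profile OK")
```

The check only confirms that the profile is internally consistent; whether the referenced policy key exists in the tenant and matches the chosen algorithm still has to be verified in IEF Policy Keys.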