Azure B2C SSO SAML Integration

Hello
I’m working on implementing SSO using SAML. Azure B2C is being used as the Idp.
Azure B2C will ‘eventually’ support SAML SSO (private preview as of now according to Microsoft Support), so I’m researching alternative solutions.
Would it be possible to use the SAML v2.0 ASP.NET Core Suite to build a wrapper around my B2C tenant (using the Graph API for instance), and use that as the SAML endpoint?
Do you have any similar scenarios or previous implementations using Azure B2C? (not Azure AD).

Thanks!

I’m afraid we don’t have any experience with Azure B2C SAML support.
Your suggestion of a SAML IdP which uses the Graph API for the authentication implementation should work.
SAML SSO and our product are independent from the authentication mechanism employed at the IdP.
You can use whatever you like to perform the actual authentication of the user.

Hi All,

Is there any progress on this? I also got a requirement for integrating with Azure B2C. Is there any guide to do this?

Thanks,
Charaka

Not yet I’m afraid. We have a guide for Azure AD but a guide for Azure B2C is still on our to-do list.
I don’t anticipate there would be any issues as we have a number of customers who have successfully integrated.
If you do run into any issues, please contact us through the forum or via email.

Just FYI:

https://medium.com/the-new-control-plane/connecting-the-componentspace-saml-2-0-stack-to-azure-ad-b2c-c6e8288eeb4b

Hi Rory,

Thank you very much for the article and link.

As the IdP, Azure B2C is responsible for authenticating the user. I’m not sure if it’s possible to configure Azure B2C to authenticate the user in the manner you describe using your own custom form. This isn’t directly related to our SAML product. We simply receive and process the SAML response/assertion from Azure B2C in this scenario.

Passing the username and password to the IdP is not supported by the SAML specification.
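As an added illustration of what "receive and process the SAML response/assertion" means on the SP side (this is example code written for this thread, not ComponentSpace's code and not part of the original posts), the Python below performs the checks an SP must apply to a response it gets back from an IdP such as Azure AD B2C: issuer, destination, InResponseTo, audience, validity window, subject confirmation, and assertion-ID replay. The entity IDs, ACS URL and the sample response are constructed placeholders. Verifying the XML signature against the IdP's signing certificate is a precondition that is deliberately not implemented here; a real SP must do that (for instance with an xmlsec library) before running these checks.

```python
"""SP-side post-signature checks on a SAML 2.0 Response (added example, not ComponentSpace code)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed placeholders: not a real tenant, SP or policy name.
SP_ENTITY_ID = "https://sp.example.com/saml"
ACS_URL = "https://sp.example.com/saml/acs"
IDP_ENTITY_ID = "https://placeholder-tenant.b2clogin.com/placeholder-tenant-id/B2C_1A_placeholder_policy"

# Constructed sample response; a real one would also carry a ds:Signature element.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2021-09-01T12:00:00Z"
    Destination="{ACS_URL}" InResponseTo="_req1">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2021-09-01T12:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="_req1"
            NotOnOrAfter="2021-09-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2021-09-01T11:59:00Z" NotOnOrAfter="2021-09-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _parse_time(value):
    # SAML timestamps are UTC xs:dateTime; tolerate optional fractional seconds.
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def validate_response(xml_text, outstanding_request_ids, seen_assertion_ids, now,
                      clock_skew=timedelta(minutes=2)):
    """Return (name_id, errors); name_id is None unless every check passes.

    PRECONDITION NOT IMPLEMENTED HERE: the XML signature on the Response/Assertion must
    already have been verified against the IdP's signing certificate. These are only
    the checks that come after signature verification.
    """
    errors = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        return None, ["root element is not samlp:Response"]

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        errors.append("status is not Success")
    if root.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        errors.append("unexpected response issuer")
    if root.get("Destination") != ACS_URL:
        errors.append("Destination does not match our ACS URL")

    # Reject unsolicited responses: we only accept answers to requests we issued.
    in_response_to = root.get("InResponseTo")
    if in_response_to not in outstanding_request_ids:
        errors.append("InResponseTo does not match an outstanding AuthnRequest")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        errors.append(f"expected exactly one plaintext Assertion, found {len(assertions)}")
        return None, errors
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS) != IDP_ENTITY_ID:
        errors.append("unexpected assertion issuer")

    # Replay protection: an assertion ID may be consumed once within its validity window.
    assertion_id = a.get("ID")
    if not assertion_id or assertion_id in seen_assertion_ids:
        errors.append("assertion ID missing or already consumed (replay)")

    cond = a.find("saml:Conditions", NS)
    if cond is None:
        errors.append("missing Conditions")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + clock_skew < _parse_time(nb):
            errors.append("assertion not yet valid")
        if noa and now - clock_skew >= _parse_time(noa):
            errors.append("assertion expired")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:
            errors.append("audience restriction does not include our entity ID")

    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        errors.append("missing SubjectConfirmationData")
    else:
        if scd.get("Recipient") != ACS_URL:
            errors.append("SubjectConfirmationData Recipient mismatch")
        if scd.get("InResponseTo") != in_response_to:
            errors.append("SubjectConfirmationData InResponseTo mismatch")
        noa = scd.get("NotOnOrAfter")
        if noa and now - clock_skew >= _parse_time(noa):
            errors.append("subject confirmation expired")

    name_id = a.findtext("saml:Subject/saml:NameID", default=None, namespaces=NS)
    if not name_id:
        errors.append("missing NameID")

    if errors:
        return None, errors
    seen_assertion_ids.add(assertion_id)
    outstanding_request_ids.discard(in_response_to)
    return name_id, []


if __name__ == "__main__":
    now = datetime(2021, 9, 1, 12, 1, tzinfo=timezone.utc)
    print(validate_response(SAMPLE_RESPONSE, {"_req1"}, set(), now))
```

Note that none of these checks involve the user's credentials: the SP never sees a password, which is exactly why the authentication mechanism at the IdP (B2C's own sign-in UI, or anything else) is invisible to the SP.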

[quote]
ComponentSpace - 9/1/2021
As the IdP, Azure B2C is responsible for authenticating the user. I'm not sure if it's possible to configure Azure B2C to authenticate the user in the manner you describe using your own custom form. This isn't directly related to our SAML product. We simply receive and process the SAML response/assertion from Azure B2C in this scenario.

Passing the username and password to the IdP is not supported by the SAML specification.
[/quote]

B2C does not allow you to use your own login form.

The only exception is to use the iframe element to embed the Azure AD B2C sign-in user interface directly into your web application - https://docs.microsoft.com/en-us/azure/active-directory-b2c/embedded-login?pivots=b2c-custom-policy

This article describes using ComponentSpace to authenticate against B2C as an IdP - https://medium.com/the-new-control-plane/connecting-the-componentspace-saml-2-0-stack-to-azure-ad-b2c-c6e8288eeb4b

You can pass the username/password for authentication using the resource owner flow but that uses OIDC - https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy
Thanks for the links and information.