问题描述

在Azure AD B2C中设置自定义策略以连接到ADFS身份提供程序.这需要下面链接中的文档中指定的SAML元数据终结点.

Setting up a custom policy in Azure AD B2C to connect to an ADFS Identity Provider. This requires a SAML metadata endpoint as specified in the documentation at the link below.

https://docs.microsoft.com/zh-CN/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp#configure -adfs依赖方信任

遇到的错误是:

AADB2C90022:无法在租户[my-tenant] .onmicrosoft.com中返回策略[my-policy]的元数据.

并且在我进入端点时遇到:

and is being encountered when I go to the endpoint:

https://login.microsoftonline.com/te/[my-tenant] .onmicrosoft.com/[my-policy]/samlp/metadata?idptp = [my-technical-profile]

我尝试从b2clogin.com端点发出请求，结果与上述相同.

I have tried making the request from the b2clogin.com endpoint with the same result as above.

例如 https://[my-tenant] .b2clogin.com/te/[my-tenant] .onmicrosoft.com/[my-policy]/samlp/metadata?idptp = [my-技术资料]

我还尝试使用tenantId GUID代替[my-tenant] .onmicrosoft.com，结果完全相同.

I have also tried using my tenantId GUID in place of [my-tenant].onmicrosoft.com which resulted in the exact same result.

例如 https://login.microsoftonline.com/te/[my-tenant-id]/[my-policy]/samlp/metadata?idptp = [my-technical-profile]

推荐答案

重新访问创建证书的过程，将其上载到策略密钥"并在自定义策略文件中引用它.

Re-visit the process by which you created the certificate, uploaded it to your 'Policy Keys' and referenced it in your custom policy files.

我的情况相似，我有相同的错误，并且没有通过Application Insights/Journey Recorder进行输出.我曾尝试避免使用"makecert.exe"，而是使用了另一个SSC生成工具.我认为这根本行不通，因为私钥没有合并到证书文件中.

My scenario was similar, I had the same error and no output via Application Insights / Journey Recorder.I had tried to avoid using 'makecert.exe' and instead used another SSC generation tool. This simply did not work, I think because the private key was not being incorporated in the certificate file.

本指南十分宝贵，另请参见此测试工具

This guide has been invaluable, see also this test facility

这篇关于获取Azure AD B2C策略的SAML元数据时出错-AADB2C90022的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！