On Azure B2C I've created a custom policy to connect a Spring application using the SAML protocol. This application uses SAML to connect to B2C, then B2C uses an external IdP on Keycloak to perform the authentication.
I followed this documentation to set up my client on Keycloak.
When I do the login in my Spring application, in the Chrome console each network call seems fine, but on the last SAML assertion I obtain this error:
Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is Id:3e00c8b4-d645-44f9-a3ab-fd3400bee95c ; Message: A claim with id 'issuerUserId' was not found, which is required by ClaimsTransformation 'CreateAlternativeSecurityId' with id 'CreateAlternativeSecurityId' in policy 'B2C_1A_signup_signin_saml' of tenant 'mytenant.onmicrosoft.com'.
I think the problem is in
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/>
But I can't figure out how to resolve it. Any suggestion?
CodePudding user response:
The problem is in the mapping of the SAML to B2C claims.
Refer to this.
Nothing is being mapped to "issuerUserId" or if there is a mapping, it's mapping something that doesn't exist on the SAML side.
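As an added illustration (not the asker's policy or Microsoft's sample), this is the shape of a B2C SAML2 technical profile whose OutputClaims populate `issuerUserId`, next to the `CreateAlternativeSecurityId` transformation that consumes it; the technical profile Id, the Keycloak attribute names and the metadata/key references are assumed placeholders.

```xml
<!-- Added example: B2C custom-policy fragments, assumed names (Keycloak-SAML2, etc.). -->
<ClaimsProvider>
  <DisplayName>Keycloak</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Keycloak-SAML2">
      <DisplayName>Keycloak</DisplayName>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- PLACEHOLDER: the Keycloak realm's SAML descriptor URL -->
        <Item Key="PartnerEntity">https://KEYCLOAK_HOST/realms/REALM/protocol/saml/descriptor</Item>
      </Metadata>
      <OutputClaims>
        <!-- Failing shape: PartnerClaimType names an attribute Keycloak never sends,
             so issuerUserId stays empty and the transformation below errors out. -->
        <!-- <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userId" /> -->

        <!-- Working shape: map the SAML Subject NameID via B2C's reserved
             PartnerClaimType "assertionSubjectName". Configure Keycloak to emit a
             stable (persistent) NameID, not a transient one, or the alternative
             security id changes on every login. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="assertionSubjectName" />
        <!-- Attribute names must match the SAML attribute mappers configured in Keycloak. -->
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="keycloak" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
      </OutputClaimsTransformations>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- The transformation named in the error: both input claims must be present. -->
<ClaimsTransformation Id="CreateAlternativeSecurityId" TransformationMethod="CreateAlternativeSecurityId">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="issuerUserId" TransformationClaimType="key" />
    <InputClaim ClaimTypeReferenceId="identityProvider" TransformationClaimType="idp" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="alternativeSecurityId" TransformationClaimType="alternativeSecurityId" />
  </OutputClaims>
</ClaimsTransformation>
```

To confirm which side is wrong, decode the SAML Response Keycloak returns (SAML-tracer or the Chrome network tab) and check that the Subject NameID and each attribute name referenced by a PartnerClaimType actually appear in the assertion.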