1
votes

For implementing Azure AD B2C in Microsoft Dynamics portals, I followed this series of articles.

I created a new Azure AD B2C tenant, linked it to my Azure subscription (a free one, if that helps), created an Azure app and a sign-up or sign-in policy.

Then I clicked on the metadata URL (https://login.microsoftonline.com/tfp/MyJavistaB2CPocTest.onmicrosoft.com/B2C_1_SUSI/v2.0/.well-known/openid-configuration), selected the issuer URL and pasted it into a browser.

It gets a 404 error.

I asked for some help, and the guy who helped me had an issuer URL with the tenant name included, something like: https://login.microsoftonline.com/tfp/tenant.onmicrosoft.com/b2c_1_susi/v2.0/

Whereas mine has a guid instead (maybe it's a clue but cannot tell): https://login.microsoftonline.com/tfp/8701db3f-1609-4337-8e6d-b5a32d537c54/b2c_1_susi/v2.0/

What could be the cause of not being able to reach the issuer URL (which then makes my Dynamics Portal unable to contact Azure AD B2C)?

Thanks

1
FYI, you can use the GUID id of your tenant or the name.onmicrosoft.com. (spottedmahn)

1 Answer

1
votes

The issuer value isn't an endpoint URL.

Rather, applications must match the iss claim in the ID and access tokens, which are issued by Azure AD B2C, with the issuer value, to ensure these tokens are valid.

In Dynamics 365, you should configure Authentication/OpenIdConnect/[Federation-Name]/Authority (described as "Policy-Signin-URL" in the Azure AD B2C provider settings for portals article) with the following URL, from which Dynamics 365 will discover the Azure AD B2C endpoints:

https://login.microsoftonline.com/tfp/MyJavistaB2CPocTest.onmicrosoft.com/B2C_1_SUSI/v2.0
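To make the distinction in the answer concrete, here is an added example in Python; it is not code from the answer, from Dynamics 365 or from Microsoft. It derives the discovery URL from the Authority value quoted above, reads the issuer out of a discovery document, and then compares a token's iss claim with that issuer by exact string equality. The discovery document is constructed for this example in the shape of an OpenID Connect metadata document, using the GUID-based issuer from the question; its endpoint URLs are assumptions, and the demo tokens carry a placeholder signature because the point is the issuer comparison, not signature verification.

```python
import base64
import json

# Authority value taken from the question. This is the URL a relying party
# fetches metadata from; the issuer value is never fetched, only compared.
AUTHORITY = (
    "https://login.microsoftonline.com/tfp/MyJavistaB2CPocTest.onmicrosoft.com/"
    "B2C_1_SUSI/v2.0"
)

# Constructed discovery document (shape of an OIDC metadata document).
# The issuer is the GUID-based value from the question; the endpoint URLs
# are assumptions for this example, not copied from a real tenant.
DISCOVERY_DOCUMENT = json.dumps({
    "issuer": "https://login.microsoftonline.com/tfp/"
              "8701db3f-1609-4337-8e6d-b5a32d537c54/b2c_1_susi/v2.0/",
    "authorization_endpoint": AUTHORITY.replace("/v2.0", "/oauth2/v2.0/authorize"),
    "token_endpoint": AUTHORITY.replace("/v2.0", "/oauth2/v2.0/token"),
    "jwks_uri": AUTHORITY.replace("/v2.0", "/discovery/v2.0/keys"),
    "id_token_signing_alg_values_supported": ["RS256"],
})


def discovery_url(authority: str) -> str:
    """Build the discovery URL the relying party fetches from an Authority value.

    A trailing slash on the Authority is normalised so both spellings work.
    """
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def issuer_from_discovery(document: str) -> str:
    """Return the 'issuer' value declared in a discovery document (JSON text)."""
    return json.loads(document)["issuer"]


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict) -> str:
    """Build a compact JWT with a placeholder signature, for this offline demo only."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def token_claims(jwt: str) -> dict:
    """Decode the payload of a compact JWT to read its claims.

    This does NOT verify the signature. A real relying party must verify the
    token against the keys published at jwks_uri before trusting any claim.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def issuer_matches(claims: dict, expected_issuer: str) -> bool:
    """Exact, case-sensitive comparison of the iss claim with the issuer value.

    The issuer is an opaque identifier, not a URL to browse to, so it is
    compared byte for byte: the tenant GUID form and the tenant.onmicrosoft.com
    form are different strings, and a trailing slash is significant.
    """
    return claims.get("iss") == expected_issuer


def check_token_issuer(jwt: str, document: str) -> bool:
    """Accept a token only if its iss claim equals the discovered issuer."""
    return issuer_matches(token_claims(jwt), issuer_from_discovery(document))


if __name__ == "__main__":
    issuer = issuer_from_discovery(DISCOVERY_DOCUMENT)
    print("fetch metadata from:", discovery_url(AUTHORITY))
    print("issuer to compare against:", issuer)
    good = make_demo_token({"iss": issuer, "aud": "my-app"})
    bad = make_demo_token({"iss": issuer.rstrip("/"), "aud": "my-app"})
    print("guid issuer, trailing slash kept:", check_token_issuer(good, DISCOVERY_DOCUMENT))
    print("same issuer without trailing slash:", check_token_issuer(bad, DISCOVERY_DOCUMENT))
```

The takeaway is that a 404 when browsing to the issuer says nothing about whether sign-in will work; what matters is that the Authority resolves to a discovery document and that the issuer in that document matches the iss claim in the tokens the policy issues.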