0
votes

I have the following:

  • An existing WEB application using SAML for authentication. Using B2C custom policies, I have successfully set up Azure AD B2C to allow this application to authenticate users using SAML.
  • An API (ASP.NET Web API) using OpenID Connect to authenticate callers (on the same Azure AD B2C).

I would like to authenticate calls from the Web Application to the WebAPI using the identity of the Web application authenticated user. So I would need a JWT token so I can validate it in my API middleware. Is there any simple way of converting the SAML Assertion to a JWT token so the Web application can send it to my API with requests? I have read somewhere that IdentityServer could do the job using Azure ACS (for AAD B2C?) but I understand that ACS will be retired in November...

Thanks.

1
Yes, ACS has a way to configure the "Token Format" but as you said it's retiring in November. Have you taken a look at this thread? stackoverflow.com/questions/25385461/… - Marilee Turscak - MSFT

1 Answer

0
votes

You can ask your IDP to provide the JWT token as a SAML attribute inside your current SAML tokens, or ask them to provide you with an alternative way of acquiring the JWT tokens you require.

Also, you can configure IdentityServer to return JWT. Go to global config and change the default token type to JWT (same value as the default http token type).
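
The first suggestion in the answer above (the IdP returning the JWT as a SAML attribute), sketched from the web application's side as an added example that is not part of the original answer. The attribute name `jwt`, the audience value and the `sample_assertion` helper are assumptions made for illustration, and the assertion is assumed to have already passed signature validation in the SAML library.

```python
import base64, json, time
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
JWT_ATTRIBUTE = "jwt"                       # hypothetical name agreed with the IdP
EXPECTED_AUDIENCE = "api://sample-web-api"  # hypothetical audience of the Web API

def decode_segment(seg):
    """Decode one base64url JWT segment into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj

def jwt_from_assertion(assertion_xml, now=None):
    """Return the JWT carried in the assertion; ValueError if a check fails.

    Assumes the SAML library has already verified the assertion's signature
    and conditions. These are pre-flight checks only: the API must still
    validate the JWT signature, issuer, audience and lifetime itself.
    """
    now = time.time() if now is None else now
    values = ET.fromstring(assertion_xml).findall(
        f".//saml:Attribute[@Name='{JWT_ATTRIBUTE}']/saml:AttributeValue", NS)
    if len(values) != 1:
        raise ValueError("expected exactly one JWT attribute value")
    token = (values[0].text or "").strip()
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a signed compact JWT")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    if str(header.get("alg", "none")).lower() == "none":
        raise ValueError("unsigned JWT")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("JWT audience is not the API")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("JWT expired or missing exp")
    return token

def sample_assertion(aud, exp, alg="RS256"):
    """Constructed sample: an assertion whose JWT has a dummy signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": alg}), enc({"aud": aud, "exp": exp}), "c2ln"])
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="{JWT_ATTRIBUTE}"><saml:AttributeValue>{token}'
            "</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>"
            "</saml:Assertion>")
```

The returned token would be sent to the API in an `Authorization: Bearer` header, where the OpenID Connect middleware performs the actual signature validation.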