Setting up a custom policy in Azure AD B2C to connect to an ADFS Identity Provider. This requires a SAML metadata endpoint as specified in the documentation at the link below.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp#configure-an-adfs-relying-party-trust

The error being encountered is:

AADB2C90022: Unable to return metadata for the policy [my-policy] in tenant [my-tenant].onmicrosoft.com.

and is being encountered when I go to the endpoint:

https://login.microsoftonline.com/te/[my-tenant].onmicrosoft.com/[my-policy]/samlp/metadata?idptp=[my-technical-profile]

I have tried making the request from the b2clogin.com endpoint with the same result as above.

E.g. https://[my-tenant].b2clogin.com/te/[my-tenant].onmicrosoft.com/[my-policy]/samlp/metadata?idptp=[my-technical-profile]

I have also tried using my tenant ID GUID in place of [my-tenant].onmicrosoft.com, with exactly the same result.

E.g. https://login.microsoftonline.com/te/[my-tenant-id]/[my-policy]/samlp/metadata?idptp=[my-technical-profile]

Hi Ryan: The AADB2C90022 error is caused by a faulty policy. Can you paste it in the above question? - Chris Padgett

1 Answer

Re-visit the process by which you created the certificate, uploaded it to your 'Policy Keys' and referenced it in your custom policy files.

My scenario was similar; I had the same error and no output via Application Insights / Journey Recorder. I had tried to avoid using 'makecert.exe' and instead used another SSC generation tool. This simply did not work, I think because the private key was not being incorporated in the certificate file.

This guide has been invaluable; see also this test facility.
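The answer above diagnoses a certificate exported without its private key. The following is an added example, not code from the question or the answer: it generates a self-signed signing certificate with the built-in New-SelfSignedCertificate cmdlet (PKI module, Windows 10 / Server 2016 and later) instead of makecert.exe, exports it as a PFX, and then loads the PFX back to assert that it really carries a private key before it is uploaded to the B2C Policy Keys blade. The subject name and output path are assumptions chosen for illustration.

```powershell
# Added example (not from the original post): create a self-signed SAML signing
# certificate with an exportable private key, export it to PFX, and verify the
# PFX contains the private key. Subject and path are assumptions.

$subject = 'CN=b2c-saml-signing.example.com'          # assumed subject
$pfxPath = Join-Path $env:TEMP 'B2C_SamlSigning.pfx'   # assumed output path
$pfxPass = Read-Host -AsSecureString -Prompt 'PFX password'

# -KeyExportPolicy Exportable is what allows the private key to travel with the
# certificate into the PFX; without it the export below yields a public-key-only file.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -KeySpec Signature `
    -KeyUsage DigitalSignature `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(2)

# Export-PfxCertificate keeps the private key. Export-Certificate (.cer) would not,
# which is the failure mode the answer describes.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null

# Verification step: reload the PFX from disk and check HasPrivateKey.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable
$check = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPass, $flags)

if (-not $check.HasPrivateKey) {
    throw "PFX at $pfxPath has no private key; B2C cannot sign SAML requests with it."
}

"Thumbprint: $($check.Thumbprint)"
"HasPrivateKey: $($check.HasPrivateKey)"
```

Only a PFX that passes the HasPrivateKey check is worth uploading as a Policy Key (Identity Experience Framework > Policy keys > Add, with the Upload option); the key name you give it there is what the SAML technical profile's CryptographicKeys element must reference. If the check fails on a file produced by another tool, that tool exported the public certificate only, and the metadata endpoint will keep returning AADB2C90022 because the policy cannot sign.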