Via an IEF custom policy, the Claims Provider's "OpenIdConnect" technical profile's Metadata is pointing to a 3rd-party IdP's OIDC metadata endpoint.
When running the policy, the Azure AD B2C custom policy returns:
"Unable to connect to the metadata endpoint"
with a 2nd exception:
"The request was aborted: Could not create SSL/TLS secure channel."
```json
{
  "Kind": "FatalException",
  "Content": {
    "Time": "0:00 PM",
    "Exception": {
      "Kind": "Handled",
      "HResult": "80131500",
      "Message": "Unable to connect to the metadata endpoint 'https://<redacted>/.well-known/openid-configuration'",
      "Data": {
        "IsPolicySpecificError": false,
        "uri": "https://<redacted>/.well-known/openid-configuration"
      },
      "Exception": {
        "Kind": "Handled",
        "HResult": "80131500",
        "Message": "An error occurred while sending the request.",
        "Data": {},
        "Exception": {
          "Kind": "Handled",
          "HResult": "80131509",
          "Message": "The request was aborted: Could not create SSL/TLS secure channel.",
          "Data": {}
        }
      }
    }
  }
}
```
Since the IdP only supports a single cipher, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013), this might be the limiting factor. Is there a list of supported SSL/TLS protocols and ciphers known or published in AAD / AAD B2C documentation?
The SSL cert is valid and has a chain to a major trusted cert authority.
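The inner exception ("Could not create SSL/TLS secure channel") is what a .NET HTTP client reports when the handshake itself fails, and a server that offers exactly one cipher suite will fail the handshake with any client that does not have that suite enabled. The script below is an added example (not part of the question, and not Azure AD B2C code; it says nothing about B2C's own cipher list, which the page does not contain) that checks the suite-overlap problem from the client side: it lexically assesses an IANA suite name such as the one in the question, computes which suites a server and a client share, and optionally attempts a real TLS 1.2 handshake pinned to one OpenSSL cipher name so you can see whether the IdP actually completes it. `HOST` is a placeholder for the redacted hostname, and the IANA-to-OpenSSL name table is a small hand-written subset.

```python
"""Client-side check of an IdP's TLS cipher-suite compatibility.

Added example; HOST is a placeholder for the redacted IdP hostname and the
name table below is a hand-written subset of the IANA <-> OpenSSL mapping.
"""
import socket
import ssl
from dataclasses import dataclass, field
from typing import List, Optional

HOST = "idp.example.invalid"  # placeholder, not the real endpoint

# Subset of IANA suite names (as scanners report them) mapped to the OpenSSL
# names that Python's ssl.SSLContext.set_ciphers() expects.
IANA_TO_OPENSSL = {
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "AES128-SHA",
}


@dataclass
class SuiteAssessment:
    iana: str
    forward_secrecy: bool
    aead: bool
    sha1_mac: bool
    findings: List[str] = field(default_factory=list)


def assess_suite(iana: str) -> SuiteAssessment:
    """Parse an IANA cipher-suite name and flag the properties that make
    modern clients disable it. Purely lexical, no network access."""
    name = iana.upper()
    if "_WITH_" in name:                      # TLS <= 1.2 naming: KX_WITH_BULK_MAC
        kx, bulk = name.split("_WITH_", 1)
    else:                                     # TLS 1.3 naming: TLS_BULK_HASH (always (EC)DHE)
        kx, bulk = "", name[len("TLS_"):]
    forward_secrecy = "DHE" in kx or kx == ""   # ECDHE/DHE, or any TLS 1.3 suite
    aead = any(m in bulk for m in ("GCM", "CCM", "POLY1305"))
    sha1_mac = bulk.endswith("_SHA")          # trailing "_SHA" means an HMAC-SHA1 suite
    findings = []
    if not forward_secrecy:
        findings.append("no forward secrecy (static key exchange)")
    if "_CBC_" in bulk:
        findings.append("CBC mode (MAC-then-encrypt; widely disabled by default)")
    if sha1_mac:
        findings.append("HMAC-SHA1 integrity")
    if any(w in bulk for w in ("RC4", "3DES", "DES_CBC", "NULL", "EXPORT")):
        findings.append("broken or legacy bulk cipher")
    return SuiteAssessment(iana, forward_secrecy, aead, sha1_mac, findings)


def shared_suites(server: List[str], client: List[str]) -> List[str]:
    """A handshake can only succeed if this intersection is non-empty; the
    server picks from it (or the client does, depending on preference order)."""
    return sorted(set(s.upper() for s in server) & set(c.upper() for c in client))


def probe(host: str, port: int = 443, openssl_cipher: Optional[str] = None,
          minimum: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2, timeout: float = 5.0) -> dict:
    """Attempt one TLS handshake, optionally pinned to a single OpenSSL cipher
    name, and report what was negotiated or why it failed."""
    ctx = ssl.create_default_context()       # verifies chain and hostname like a real client
    ctx.minimum_version = minimum
    if openssl_cipher:
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # set_ciphers() governs TLS <= 1.2 only
        ctx.set_ciphers(openssl_cipher)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"ok": True, "version": tls.version(), "cipher": tls.cipher()[0]}
    except ssl.SSLError as exc:
        return {"ok": False, "error": f"handshake failed: {exc.reason}"}
    except OSError as exc:
        return {"ok": False, "error": f"connection failed: {exc}"}


if __name__ == "__main__":
    suite = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"   # the only suite the IdP in the question offers
    a = assess_suite(suite)
    print(suite, "->", "; ".join(a.findings) or "no findings")
    # Constructed example of a client that only enables AEAD suites: no overlap, so no handshake.
    modern_client = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256"]
    print("shared with an AEAD-only client:", shared_suites([suite], modern_client))
    # Real probes (replace HOST): first the default policy, then pinned to the IdP's suite.
    print("default client policy:", probe(HOST))
    print("pinned to", suite, ":", probe(HOST, openssl_cipher=IANA_TO_OPENSSL[suite]))
```

Two things the probe tells you that the B2C error does not: whether the endpoint completes a handshake at all under a default modern client policy, and whether it completes one only when the client is pinned to the single CBC/SHA-1 suite. If the second succeeds and the first fails, the fix lives on the IdP side (enable at least one ECDHE + AES-GCM suite and TLS 1.2), since the metadata fetch is made by the B2C service and its cipher policy is not something the custom policy can change.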