1

I have ADFS 4.0 on an Azure VM and am trying to add ADFS as a provider to my Azure AD B2C tenant.

I have set up all the custom policies.

I am using OpenID Connect as the protocol.

My ADFS SSL certificate is self-signed and I have certificate rollover for the encryption and signing certificates.

The error I get in Application Insights is:

Exception {"Kind":"Handled","HResult":"80131501","Message":"The remote certificate is invalid according to the validation procedure.","Data":{}} Kind Handled HResult 80131501 Message The remote certificate is invalid according to the validation procedure.

I presume that I need to upload the ADFS SSL certificate to Azure AD B2C Policy Keys? How would I do that?

Also, in the CryptographicKeys section, what would that look like? In particular - what to use for the "KeyId"?

Saca
  • 10,355
  • 1
  • 34
  • 47
rbrayb
  • 46,440
  • 34
  • 114
  • 174

1 Answers1

2

Your ADFS needs to have a valid SSL cert signed by the standard Certificate Authorities in order for Azure AD B2C to communicate with it.

The certificates you upload via the CryptographicKeys section are for signing/verification and encryption/decryption of requests and tokens.

At this time, there is no way in Azure AD B2C to provide your own TLS certificates or certificate authorities. If this is something you'd like to see, you can request it via the Azure AD B2C feedback forum

Saca
  • 10,355
  • 1
  • 34
  • 47