
We are using Azure Active Directory B2C in combination with Azure Front Door. When signing in with a username and password it works fine, but when signing in with a social provider it shows the wrong domain.

(Screenshot: before sign in)

(Screenshot: after sign in with a social provider, loading before continuing to, in this case, localhost)

The difference here is that before the sign-in we have login.timchermin.com/login.timchermin.com and after it we have login.timchermin.com/lokaalaybler.onmicrosoft.com. I would prefer the onmicrosoft.com part to also be login.timchermin.com.

I tried putting https://login.timchermin.com/login.timchermin.com/oauth2/authresp in the Google Cloud app settings, but this gives the following error.

(Screenshot: the resulting error)

(How) can I make it so that my authresp also includes the domain after the first /? I am also using custom policies, if that makes a difference. The domain login.timchermin.com is also set as the primary domain.

Tim Chermin

1 Answer

Please make sure that you have all redirect URLs registered properly in your social IDP. This is my configuration for the Facebook login. I also use Front Door with Azure AD B2C:

(Screenshot: Facebook login redirect URI configuration)

The redirect URL should follow this pattern when using a custom domain:

https://your-custom-domain/name-of-your-ad-b2c-tenant.onmicrosoft.com/oauth2/authresp

Daniel Krzyczkowski
  • In the provided image you also have onmicrosoft.com instead of the tech-mind-factory-identity.org domain: after login.tech...etc/ comes techmindfactoryidentity.onmicrosoft.com. – Tim Chermin Jan 19 '23 at 14:16
  • You are right, apologies, I wrongly understood your initial question. Let me check with the Product Group; I will get back as soon as possible. – Daniel Krzyczkowski Jan 20 '23 at 06:32
  • All good, my explanation definitely could have been better! I appreciate the help. – Tim Chermin Jan 20 '23 at 07:36
  • I have sent the question about this topic. Once I have any updates I will let you know! – Daniel Krzyczkowski Jan 21 '23 at 07:57
  • @TimChermin I am getting back with the response. There is no option currently to fully replace "onmicrosoft.com" in the URL. You can either use the tenant ID or "tenant-name.onmicrosoft" in the URL. The FQDN in the URL can make use of the CNAME, but the next portion of the URL is a tenant identifier and cannot be the CNAME. – Daniel Krzyczkowski Jan 23 '23 at 15:33
  • Alright, makes sense, yeah. Thanks for your response and time! I'll mark this as the answer. – Tim Chermin Jan 23 '23 at 15:37
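The pattern from the answer and the follow-up comment (custom domain as host, then either `<tenant>.onmicrosoft.com` or the tenant ID GUID as the first path segment) can be checked mechanically before registering redirect URIs at a social IdP. The snippet below is an added example, not code from the question or the answer; it reuses the asker's custom domain and tenant name, assumes `<tenant>.b2clogin.com` as the B2C default host, and uses a placeholder GUID for the tenant ID.

```python
import re
from typing import List, Optional
from urllib.parse import urlsplit

# Sample values: domain and tenant name are the ones posted in the question;
# the tenant ID is a constructed placeholder, not a real tenant.
CUSTOM_DOMAIN = "login.timchermin.com"
TENANT_NAME = "lokaalaybler"
TENANT_ID = "00000000-0000-0000-0000-000000000000"

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def expected_redirect_uris(custom_domain: str, tenant_name: str,
                           tenant_id: Optional[str] = None) -> List[str]:
    """Build the authresp redirect URIs B2C sends to the social IdP.

    The host may be the custom (Front Door) domain, but the first path segment
    is always a tenant identifier: <tenant>.onmicrosoft.com or the tenant ID.
    """
    identifiers = [f"{tenant_name}.onmicrosoft.com"]
    if tenant_id:
        identifiers.append(tenant_id)
    return [f"https://{custom_domain}/{ident}/oauth2/authresp" for ident in identifiers]


def check_redirect_uri(uri: str, custom_domain: str, tenant_name: str) -> Optional[str]:
    """Return None if `uri` is a valid B2C authresp redirect, else the reason it is not."""
    parts = urlsplit(uri)
    if parts.scheme != "https":
        return "scheme must be https"
    # Accept the custom domain or the tenant's default b2clogin.com host (assumed default).
    allowed_hosts = {custom_domain.lower(), f"{tenant_name}.b2clogin.com".lower()}
    if (parts.hostname or "").lower() not in allowed_hosts:
        return f"host must be {custom_domain} or {tenant_name}.b2clogin.com"
    if parts.query or parts.fragment:
        return "no query or fragment: IdPs match registered redirect URIs exactly"
    segments = parts.path.strip("/").split("/")
    if len(segments) != 3 or segments[1:] != ["oauth2", "authresp"]:
        return "path must be /<tenant-identifier>/oauth2/authresp"
    ident = segments[0].lower()
    if ident == f"{tenant_name}.onmicrosoft.com" or GUID_RE.match(ident):
        return None
    # This is exactly the mistake in the question: the custom domain repeated as path segment.
    return (f"first path segment '{segments[0]}' is not a tenant identifier; "
            f"use {tenant_name}.onmicrosoft.com or the tenant ID")
```

Running `check_redirect_uri` over the URI the question tried to register reports the path-segment problem, while the URI built by `expected_redirect_uris` passes.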