I’m looking for information about Azure AD B2C and how/if it can act as a Leaf Entity in an OpenID Federation Trust Chain (ref: https://openid.net/specs/openid-federation-1_0.html).
This requires the /.well-known/openid-federation endpoint to be available in order to access the Entity Statement, which it is not (at least not out of the box).
So if that is at all possible with AD B2C, I’m looking for information on how to do that.
If it is not possible, I would very much appreciate any information on if/when it will be in order to decide if we need to look towards alternative solutions.
Thank you,
Jonas
2 Answers
I got a response from Microsoft via a different channel, for anybody looking for this in the future:
"Hello Jonas Jorgensen, Azure AD B2C does not support the openid-federation well known endpoint. There're no known plans to support it. You can let the product team know about your requirement by posting it in the Azure Ideas Forum. Choose forum Microsoft Entra and Category B2C."
In terms of the endpoint, B2C only has:
https://tenant.b2clogin.com/tenant.onmicrosoft.com//v2.0/.well-known/openid-configuration
You may be able to use a proxy to convert /.well-known/openid-federation to this?
In terms of the functionality being added, I would say there is very little chance as B2C is pretty much feature complete, and the effort is on Entra External ID (CIAM).
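To make the proxy idea above concrete, here is an added example (not from the answer's author and not Microsoft's code) of what such a front-end would have to publish at /.well-known/openid-federation: a self-signed entity configuration JWT wrapping the B2C openid-configuration metadata, plus the check a trust-chain resolver applies to it. It assumes an Ed25519 federation key generated on the fly, a constructed B2C issuer URL as entity ID, and a constructed trust-anchor URL as authority hint; a real deployment would keep the key in Key Vault and have the authority publish a subordinate statement about it.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding
// EntityConfiguration builds the self-signed entity statement a leaf serves at /.well-known/openid-federation.
func EntityConfiguration(priv ed25519.PrivateKey, entityID, authority string, opMetadata map[string]any, now time.Time) string {
	jwk := map[string]string{"kty": "OKP", "crv": "Ed25519", "x": enc.EncodeToString(priv.Public().(ed25519.PublicKey))}
	claims := map[string]any{"iss": entityID, "sub": entityID, "iat": now.Unix(), "exp": now.Add(24 * time.Hour).Unix(),
		"jwks": map[string]any{"keys": []any{jwk}}, "metadata": map[string]any{"openid_provider": opMetadata},
		"authority_hints": []string{authority}} // self-signed (iss == sub), naming the superior that vouches for it
	body, _ := json.Marshal(claims) // plain maps of strings and ints cannot fail to marshal
	input := enc.EncodeToString([]byte(`{"alg":"EdDSA","typ":"entity-statement+jwt"}`)) + "." + enc.EncodeToString(body)
	return input + "." + enc.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// VerifySelfSigned checks it as a trust-chain resolver does: iss == sub, unexpired, signed by a key in its own jwks.
func VerifySelfSigned(token string, now time.Time) (map[string]any, error) {
	h, rest, _ := strings.Cut(token, ".")
	p, s, _ := strings.Cut(rest, ".")
	payload, err := enc.DecodeString(p)
	sig, err2 := enc.DecodeString(s)
	var c struct{ Iss, Sub string; Exp int64; Jwks struct{ Keys []struct{ X string } } }
	if err != nil || err2 != nil || json.Unmarshal(payload, &c) != nil || c.Iss != c.Sub || now.Unix() >= c.Exp {
		return nil, errors.New("not a decodable, current, self-signed entity configuration")
	}
	for _, k := range c.Jwks.Keys { // only keys the statement itself carries may verify it
		if x, err := enc.DecodeString(k.X); err == nil && len(x) == ed25519.PublicKeySize && ed25519.Verify(x, []byte(h+"."+p), sig) {
			var claims map[string]any
			return claims, json.Unmarshal(payload, &claims)
		}
	}
	return nil, errors.New("signature does not verify under any key in jwks")
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway federation key; real ones live in an HSM/Key Vault
	id := "https://contoso.b2clogin.com/contoso.onmicrosoft.com/v2.0/" // constructed B2C issuer used as entity ID
	tok := EntityConfiguration(priv, id, "https://trust-anchor.example", map[string]any{"issuer": id}, time.Now())
	fmt.Println(VerifySelfSigned(tok, time.Now()))
}
```

The self-signature only proves the statement is internally consistent; the resolver still has to fetch the superior's subordinate statement and confirm it lists the same key before trusting the leaf.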