
I would like to use a custom domain with Azure AD B2C. As explained in Microsoft documentation, it’s necessary to use Azure Front Door to do this.

To avoid paying for this service, I would like to use my own web server / reverse proxy (Nginx) to do this. I don’t understand why it should not be possible…

I tried this configuration, but it doesn't seem to work:

server {
    listen 443 ssl http2;
    server_name mydomain.com;

    # Shared server and TLS settings (certificates, ciphers, etc.)
    include /etc/nginx/snippets/server.conf;
    include /etc/nginx/snippets/ssl.conf;

    # Disabling cache by default
    # (note: no proxy_cache / proxy_no_cache directive below references $no_cache)
    set $no_cache 1;

    # IDP Conf: forward everything to the B2C tenant endpoint
    location / {
        proxy_pass https://xxx.b2clogin.com/;
        proxy_cache_bypass $http_upgrade;

        # Proxy headers
        # WebSocket upgrade headers are forwarded unconditionally here
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        # Host is set to the custom domain, not to xxx.b2clogin.com
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
        # Rewrite the Domain= attribute of Set-Cookie headers coming from B2C
        proxy_cookie_domain xxx.b2clogin.com mydomain.com;
        # Rewrite the upstream hostname in response bodies (by default nginx only
        # filters text/html and only uncompressed responses)
        sub_filter      "xxx.b2clogin.com"   $host;
    }
}

Do you have any idea how to make it work?

Regards,

2 Answers


  1. 1. To add a custom domain to Azure AD B2C you need to have your domain hosted, and then it should be verified. Before you can add a custom domain name, create your domain name with a domain registrar. After you get your domain name, you can create your first Azure AD directory.

     2. After you add your custom domain name to Azure AD, you must return to your domain registrar and add the Azure AD DNS information from your copied TXT file. Creating this TXT record for your domain verifies ownership of your domain name.

     3. Go back to your domain registrar and create a new TXT record for your domain based on your copied DNS information. Set the time to live (TTL) to 3600 seconds (60 minutes), and then save the record.

    As you mentioned, you can enable a custom domain for Azure AD B2C by using Azure Front Door. We can add a custom domain to Azure AD directly, but adding a custom domain to an Azure AD B2C tenant directly is not available; it is still on the roadmap. Azure Front Door is a global entry point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. You can render Azure AD B2C content behind Azure Front Door, and then configure an option in Azure Front Door to deliver the content via a custom domain in your application's URL.
    Every new Azure AD B2C tenant comes with an initial domain name, .onmicrosoft.com. You can’t change or delete the initial domain name, but you can add a custom domain.
    Follow these steps to add a custom domain to your Azure AD B2C tenant:

    1. Add your custom domain name to Azure AD.
    2. Add your DNS information to the domain registrar. After you add your custom domain name to Azure AD, create a DNS TXT or MX record for your domain. Creating this DNS record for your domain verifies ownership of your domain name.
    3. Verify your custom domain name. Verify each subdomain or hostname you plan to use. For example, to be able to sign in with login.contoso.com and account.contoso.com, you need to verify both subdomains and not the top-level domain contoso.com.
      After the domain is verified, delete the DNS TXT record you created.
      You can manage your custom domain with any publicly available DNS service, such as GoDaddy. If you don’t have a DNS server, you can use Azure DNS zone, or App Service domains.

    Reference

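As an added example (not code from the question or from either answer), here are the three steps of the answer above scripted against the Microsoft Graph `domains` API instead of the portal: add the hostname, fetch the TXT record the registrar must publish, then ask the tenant to verify. Assumptions: a bearer token with Domain.ReadWrite.All supplied in the GRAPH_TOKEN environment variable, and the hostnames login.contoso.com / account.contoso.com taken from the answer. The HTTP sender is injectable so the flow can be dry-run offline with a fake; the record values in the fake are constructed.

```python
"""Add -> publish TXT -> verify for Azure AD / Azure AD B2C custom domains via Microsoft Graph.
Added example; the HTTP sender is a parameter so the logic can be exercised without a tenant."""
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional

GRAPH = "https://graph.microsoft.com/v1.0"

# A sender takes (method, url, json_body_or_None) and returns the decoded JSON response.
Sender = Callable[[str, str, Optional[Dict[str, Any]]], Dict[str, Any]]


def graph_sender(access_token: str) -> Sender:
    """Real sender: authenticated JSON call to Graph. Assumption: the token was obtained
    out of band (e.g. client-credentials flow) and carries Domain.ReadWrite.All."""
    def send(method: str, url: str, body: Optional[Dict[str, Any]]) -> Dict[str, Any]:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            url, data=data, method=method,
            headers={"Authorization": f"Bearer {access_token}",
                     "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return send


def add_domain(send: Sender, hostname: str) -> Dict[str, Any]:
    """Step 1: register the hostname in the tenant (POST /domains). Graph rejects a
    hostname that already exists; the caller decides whether that is acceptable."""
    return send("POST", f"{GRAPH}/domains", {"id": hostname})


def txt_verification_records(send: Sender, hostname: str) -> List[Dict[str, Any]]:
    """Step 2: fetch the DNS records Graph wants published and keep only the TXT ones
    (the MX alternative is dropped on purpose; TXT is what the answer above uses)."""
    result = send("GET", f"{GRAPH}/domains/{hostname}/verificationDnsRecords", None)
    return [
        {"label": rec["label"], "text": rec["text"], "ttl": int(rec.get("ttl", 3600))}
        for rec in result.get("value", [])
        if str(rec.get("recordType", "")).lower() == "txt"
    ]


def zone_file_lines(records: List[Dict[str, Any]]) -> List[str]:
    """Render the records as BIND-style zone lines to paste into the registrar's zone."""
    return [f'{r["label"]}.\t{r["ttl"]}\tIN\tTXT\t"{r["text"]}"' for r in records]


def verify_domain(send: Sender, hostname: str) -> bool:
    """Step 3: ask Graph to check DNS (POST /domains/{id}/verify). True once the tenant
    reports the hostname verified; only then should the TXT record be deleted."""
    result = send("POST", f"{GRAPH}/domains/{hostname}/verify", None)
    return bool(result.get("isVerified"))


def plan_hostnames(send: Sender, hostnames: List[str]) -> Dict[str, List[str]]:
    """Run steps 1 and 2 for every sign-in hostname individually: login.contoso.com and
    account.contoso.com each need their own record; verifying contoso.com is not enough."""
    plan: Dict[str, List[str]] = {}
    for host in hostnames:
        add_domain(send, host)
        plan[host] = zone_file_lines(txt_verification_records(send, host))
    return plan


if __name__ == "__main__":
    import os
    import sys
    token = os.environ.get("GRAPH_TOKEN")  # assumption: operator supplies the bearer token
    if not token or len(sys.argv) < 2:
        sys.exit("usage: GRAPH_TOKEN=<token> python verify_domains.py login.contoso.com ...")
    for host, lines in plan_hostnames(graph_sender(token), sys.argv[1:]).items():
        print(f"# {host}", *lines, sep="\n")
```

Publish the printed TXT lines at the registrar, wait for propagation, then call verify_domain for each hostname and delete the TXT records only after it returns True. Note that this proves ownership of the hostname to the tenant and nothing more; per the answers, actually serving the B2C pages on that hostname still requires Azure Front Door in front of the b2clogin.com endpoint.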
  2. You cannot onboard a custom domain in B2C without Azure Front Door (AFD). That is a hard requirement by design.
