‘Getting the “Issue Microsoft Entra Verified ID credentials from an application” flow working For a change, a non-B2C article! Verified credentials could well be the next big thing in Identity. So I was keen to jump in and have a look 😃 You can read up on the concepts here. First you have to configure your tenant. This was pretty straightforward although it…

There are several questions around this on stackoverflow and the old way was to run a somewhat convoluted PowerShell script. However, it is much easier now. You will have an app. registration in Azure AD for the federation. The clientID for this app. registration will be in the federation section of the B2C custom policy. For each app. registration, there is also an Enterprise application. Find the matching Enterprise application:

There’s a good article here, but it just has snippets that have confused some people, so I thought I would do a write-up with a complete custom policy. As usual, the gist is here. The policy is really simple: Do the federation Display the claims After you federate (in this…

Out of nowhere, a federation between Azure AD and B2C that had worked for a while just stopped working 😠 The error message was: “AADB2C90289: We encountered an error connecting to the identity provider. Please try again later.” When you google this, all the results tell you that the federation…

The B2C error on the page is: The page cannot be displayed because an internal server error has occurred. The error in AppInsights is: ""Content"": "Web.TPEngine.StateMachineHandlers.SendErrorResponseToXmlHttpRequestClient" There are no other details, attribute names etc., that could serve as clues. To see how to use AppInsights, refer to this. I previously…

I needed a list of users who had recently reset their passwords. In Azure AD B2C:

This was to decode a SAML payload derived for Azure AD B2C. This particular customer had a website that only worked in Chrome, and security had disabled all add-ons. e.g. a SAML tracer. They also limited access to external sites e.g. online SAML decode/encode. So I could only do it…

stackoverflow recently posted that they would not accept any answer generated by ChatGPT. So I decided to find out how good ChatGPT was. Question 1 Why does the AD FS OpenID Connect userinfo endpoint return only “sub” Answer The AD FS OpenID Connect userinfo endpoint is an OAuth 2.0 protected resource that returns…

For a change, a non-identity-related post. Back in 2009, Scott Hanselman wrote his version of this. I wrote my version in a previous blog and am now updating it for this blog. I cheated — there are more than 10 awesome things. Pong Pong is a table tennis–themed arcade sports video…