Configuring Azure B2C as a SAML Identity Provider

Andrew Varnon
2 min read · Aug 2, 2020

I wanted to create a proof of concept that Azure B2C would work as a SAML Identity Provider. I already knew this was possible based on a few searches, but I hadn’t worked with Azure B2C before. I decided I would prove this using the SAML SP Tester GitHub repo and Microsoft’s post on connecting Azure B2C with SAML Service Providers. I followed the steps in the post and used the local account template from the Active Directory B2C Custom Policy Starterpack, but something wasn’t right. I was getting an error about an incorrect ACS.

After some searching I found Shanky Munjal’s post on SAML based SSO with Azure AD B2C as an IDP, which included instructions on how to set metadata on the Sign Up / Sign In custom policy. This got me a little further. I could now get to the login page and create a user, but if I tried to sign in I would get an error that the username or password was incorrect.

I eventually found Microsoft’s post on Getting Started with Custom Policies, which mentioned creating an Identity Experience Framework application and a Proxy Identity Experience Framework application. I’d recommend naming the Proxy Identity Experience Framework application after the Service Provider if you ever anticipate having multiple Service Providers use your Identity Provider. Lastly, I found that Shanky Munjal’s post had me adding client_id and IdTokenAudience values that I didn’t need in my case and that were actually causing an error.

Now I could run the SAML SP Tester successfully against Azure B2C. I was also able to use Sustainsys’ Sample ASP.NET Core 2 Application as a second Service Provider.


Andrew Varnon

I am a full stack developer and architect, specializing in .Net and Azure.