Azure B2C - PFX for SAML applications


Problem description



I am having trouble generating a PFX according to the document. 

I am trying to use Okta as the IdP and Azure AD B2C as the SP and following the Salesforce documentation. https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-sf-app-custom

I may not have generated a PFX correctly. I tried the PowerShell commands on Azure but it did not recognize New-SelfSignedCertificate as a command and threw back an error. 

I've also tried to generate a PFX without a key, and then I get an error saying "no private key" when I test the application.

Then, I tried to create a key and PEM: 

openssl req -outform PEM -x509 -nodes -days 365 -newkey rsa:2048 -keyout newkey.key -out certificate.pem

And then used this site to generate a PFX: https://www.sslshopper.com/ssl-converter.html

And I get this error after logging into Okta: "AADB2C: An exception has occurred" (a server alert), with no other details.

Do I have to use a PFX instead of just the Okta certificate? How can I generate the PFX and link it to the application?


Solution

Your error message might be unrelated to the PFX issue. Please ensure that the client ID/app ID, tenantID, and homepage URL in the web.config/appsettings match what you have in the portal as sometimes this error occurs if that is not configured correctly. 

How to generate the PFX:

Step 1 – Create Policy Keys and Identity Experience Framework Application
Follow the first 3 points of this URL.

- Prerequisites
- Add signing and encryption keys to your B2C tenant for use by custom policies.
- Register Identity Experience Framework applications.

We do not need to change anything and these steps are clear and explanatory.


Step 2 – Create Certificate
We need to create certificates to sign the SAML response.
1. Create the cert using makecert
- makecert -r -pe -n "CN=yourappname.yourtenant.onmicrosoft.com" -a sha256 -sky signature -len 2048 -e 12/21/2018 -sr CurrentUser -ss My YourAppNameSamlCert.cer
- Go to cert store "Manage User Certificates" > Current User > Personal > Certificates > yourappname.yourtenant.onmicrosoft.com
- Right-click > All Tasks > Export
- Yes, export the private key.
- Defaults (PFX and first checkbox)
2. Go to your Azure AD B2C tenant. Click Settings > Identity Experience Framework > Policy Keys.
3. Click +Add, and then click Options > Upload.
4. Enter a Name (for example, YourAppNameSamlCert). The prefix B2C_1A_ is automatically added to the name of your key.
5. Upload your certificate using the upload file control.
6. Enter the certificate’s password.
7. Click Create.
8. Verify that you’ve created a key (for example, B2C_1A_YourAppNameSamlCert).

https://dzone.com/articles/saml-based-sso-with-azure-ad-b2c-as-an-idp
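Added example, not code from the answer above or from Microsoft's documentation: the certificate and PFX creation of Step 2 done with OpenSSL instead of makecert. It runs on Linux or macOS, including a Linux-hosted PowerShell such as Azure Cloud Shell, where neither makecert nor the Windows-only PKI module that provides New-SelfSignedCertificate exists, and it keeps the private key on your own machine instead of pasting key material into a third-party web converter. It also verifies that the bundle actually contains a private key before you upload it, which is the "no private key" failure from the question. The CN, password, output paths and one-year validity are assumed values for the demo; the 3DES/SHA-1 PKCS#12 parameters are chosen because the AES-256/PBKDF2 encoding that OpenSSL 3 emits by default is rejected by older Windows and .NET importers.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build a SAML signing PFX for
# Azure AD B2C with OpenSSL only, then prove it carries the private key before
# it is uploaded as a policy key. CN, paths, password and validity are assumed.
set -eu

command -v openssl >/dev/null || { echo "openssl is required" >&2; exit 1; }

# make_saml_pfx CN OUTDIR PASSWORD [DAYS]
# Generates an RSA-2048 self-signed signing certificate (keyUsage =
# digitalSignature, the OpenSSL equivalent of makecert's "-sky signature")
# and packages key + cert as PKCS#12. The explicit PBE/MAC algorithms are the
# classic PKCS#12 encoding every Windows/.NET version can import; OpenSSL 3's
# default (AES-256 + PBKDF2) is refused by older Microsoft stacks.
make_saml_pfx() {
  cn="$1"; outdir="$2"; password="$3"; days="${4:-365}"
  mkdir -p "$outdir"
  openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$days" \
    -subj "/CN=${cn}" \
    -addext "keyUsage=critical,digitalSignature" \
    -keyout "$outdir/saml.key" -out "$outdir/saml.crt" 2>/dev/null
  openssl pkcs12 -export \
    -inkey "$outdir/saml.key" -in "$outdir/saml.crt" \
    -name "$cn" \
    -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
    -passout "pass:${password}" \
    -out "$outdir/saml.pfx"
  chmod 600 "$outdir/saml.key" "$outdir/saml.pfx"
  echo "$outdir/saml.pfx"
}

# pfx_has_private_key PFX PASSWORD -> exit 0 only if the bundle holds a key.
# A PFX built from the certificate alone uploads fine but fails at sign time
# with "no private key", so catch it here rather than in the portal.
pfx_has_private_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

# pfx_subject_cn PFX PASSWORD -> prints the CN of the bundled certificate,
# so you can confirm it matches the name your SAML metadata will carry.
pfx_subject_cn() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -subject -nameopt RFC2253 \
    | sed -e 's/^subject=//' -e 's/^CN=//'
}

# Demo run with assumed values (hypothetical tenant and password).
demo_dir="$(mktemp -d)"
demo_pass="ChangeMe-Pfx-Pass"
demo_pfx="$(make_saml_pfx "yourapp.yourtenant.onmicrosoft.com" "$demo_dir" "$demo_pass")"
if pfx_has_private_key "$demo_pfx" "$demo_pass"; then
  echo "OK: $demo_pfx contains a private key, CN=$(pfx_subject_cn "$demo_pfx" "$demo_pass")"
else
  echo "FAIL: $demo_pfx has no private key" >&2
  exit 1
fi
```

Upload the resulting saml.pfx in Step 2 (items 2 to 8) with the same password you passed to make_saml_pfx, then delete saml.key and saml.pfx from the build machine; the private key now lives only in the B2C policy key store. If your OpenSSL is 3.x and a consumer still rejects the file, `openssl pkcs12 -export -legacy` is the other way to get the classic encoding.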

