通过IEF自定义策略,索赔提供商->quot;OpenIdConnect";Technical Profile的元数据指向第三方IDP的OIDC元数据端点。
运行策略时,Azure ADB2C自定义策略返回:
"无法连接到元数据端点">
第二次异常
"请求已中止:无法创建SSL/TLS安全通道">
{
"Kind": "FatalException",
"Content": {
"Time": "0:00 PM",
"Exception": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "Unable to connect to the metadata endpoint 'https://<redacted>/.well-known/openid-configuration'",
"Data": {
"IsPolicySpecificError": false,
"uri": "https://<redacted>/.well-known/openid-configuration"
},
"Exception": {
"Kind": "Handled",
"HResult": "80131500",
"Message": "An error occurred while sending the request.",
"Data": {},
"Exception": {
"Kind": "Handled",
"HResult": "80131509",
"Message": "The request was aborted: Could not create SSL/TLS secure channel.",
"Data": {}
}
}
}
}
}
由于idp仅支持单个密码-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013(,这可能是限制因素。是否有AAD/AAD B2C文档已知或发布的支持SSL/TLS协议和密码列表?
SSL证书是有效的,并且有一个到主要可信证书颁发机构的链。
元数据端点必须由有效CA签名的证书保护。
向IDP添加额外的TLS 1.2密码";已解决";问题-仍然不清楚为什么这一变化实际上修复了任何问题,因为对密码的零星支持似乎表明b2c场出站密码支持或IDP的入站密码支持存在问题。。。已尽职调查,确认IDP在每个连接上提供相同的密码TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013(。
添加到IDP:的密码
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xc030(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xc014(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xc028(TLS_RSA_WITH_AES_256_GCM_SHA384(0x9dTLS_RSA_WITH_CAMELLIA_256_CBC_SHA(0x84(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xc02f(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xc013(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xc027(TLS_RSA_WITH_AES_128_GCM_SHA256(0x9cTLS_RSA_WITH_CAMELLIA_128_CBC_SHA(0x41(