I am currently implementing SAML sign in for our B2C tenants based on the documentation. I already did this a couple of weeks ago as a proof of concept. However, the recent breaking change now prevents me from implementing the solution.
I now get this error when I try to set up the identifierUris:
Failed to update B2C-SamlSignIn application. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain:
In my working proof of concept, I had an identifierUri which does not fit into the new requirements for the domain. Without it, the solution is no longer working with the external application I am trying to connect. I get a redirect loop when I initiate login. The loop indicates that the removed identifierUri is the issue:
<samlp:StatusMessage>Application registered corresponding to IssuerUri https://someotherdomain/somethingspecific in AuthRequest does not have assertion consumer service URL https://someotherdomain/somethingspecific/broker/saml/endpoint specified in its metadata.</samlp:StatusMessage><samlp:StatusDetail>
https://someotherdomain/somethingspecific
is the value I had set up before. I cannot change the entityId in the other application.
Is there a way to get it working again? I tried creating a new application which has "Accounts in any identity provider or organizational directory (for authenticating users with user flows)", but the same restrictions seem to apply there.
There was a change made. In the App manifest, update the accessTokenAcceptedVersion to 2.
If you do not update the accessTokenAcceptedVersion to 2 you will receive an error message requiring a verified domain.
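The following is an added illustration, not a manifest from the question or the answer above: the relevant fragment of a B2C app registration manifest after applying the answer. `accessTokenAcceptedVersion` is set to `2` first, and only then is the external application's entityId from the question (`https://someotherdomain/somethingspecific`) placed in `identifierUris`. The `replyUrlsWithType` entry assumes that the assertion consumer service URL named in the `StatusMessage` is the one that must be registered as the SAML reply URL; the `appId`, `displayName` and `requiredResourceAccess` values are placeholders. Note that the portal's newer manifest format exposes the same setting as `api.requestedAccessTokenVersion`; whichever format the portal shows, the value to set is `2`.

```json
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "B2C-SamlSignIn",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "accessTokenAcceptedVersion": 2,
  "identifierUris": [
    "https://someotherdomain/somethingspecific"
  ],
  "replyUrlsWithType": [
    {
      "url": "https://someotherdomain/somethingspecific/broker/saml/endpoint",
      "type": "Web"
    }
  ],
  "requiredResourceAccess": []
}
```

Save the manifest with `accessTokenAcceptedVersion` already at `2` before adding the `identifierUris` value; saving the URI first reproduces the "must use a verified domain" error described in the question.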