I'm trying to federate with an Azure B2C instance. In this case, Azure is the IdP and NAM is the SP, so I'm configuring the Azure IdP as a SAML 2.0 Identity Provider in NAM.
One issue I am seeing is that Azure won't sign the SAML Assertion unless the metadata contains WantAssertionSigned="true" in the SPSSODescriptor. Per Microsoft doc here:
When your application expects the SAML assertion section to be signed, make sure the SAML service provider set the WantAssertionsSigned to true. If it's set to false or doesn't exist, the assertion section won't be signed.
I don't see any way to make NAM generate metadata with that setting. Is there an option or other hack that will allow this?
This is NAM 5.0 SP4.
Thanks.
Matt
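
Added example, not part of the original post and not a NAM or Azure feature: a check that reads SP metadata, reports whether each SPSSODescriptor carries the WantAssertionsSigned attribute the quoted Microsoft text describes, and produces a copy with it set to true. The entityID, URLs and function names are constructed for illustration, and it is an assumption that the IdP can be given an edited copy of the metadata.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)   # keep the usual prefixes when serializing
ET.register_namespace("ds", DS)

# Constructed sample SP metadata (hypothetical entityID and ACS URL).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/nidp/saml2/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/nidp/saml2/spassertion_consumer"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def audit(metadata_xml):
    """Return the WantAssertionsSigned value of each SPSSODescriptor (None if absent)."""
    root = ET.fromstring(metadata_xml)
    return [sp.get("WantAssertionsSigned") for sp in root.iter(f"{{{MD}}}SPSSODescriptor")]


def require_signed_assertions(metadata_xml):
    """Return (patched_xml, signature_dropped) with WantAssertionsSigned="true" set."""
    root = ET.fromstring(metadata_xml)
    sps = list(root.iter(f"{{{MD}}}SPSSODescriptor"))
    if not sps:
        raise ValueError("no SPSSODescriptor in metadata")
    for sp in sps:
        sp.set("WantAssertionsSigned", "true")
    # An enveloped ds:Signature on the root no longer verifies once the
    # document is edited, so it is removed and the caller is told about it.
    sigs = root.findall(f"{{{DS}}}Signature")
    for sig in sigs:
        root.remove(sig)
    return ET.tostring(root, encoding="unicode"), bool(sigs)
```

If `signature_dropped` is true, the patched copy is unsigned metadata and has to be delivered to the IdP over a channel that is trusted on its own.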