Write installation steps in readme.md #27

Open
fume opened this issue Jun 22, 2022 · 6 comments · May be fixed by #45
Labels
documentation Improvements or additions to documentation help wanted Extra attention is needed

Comments

@fume
Collaborator

fume commented Jun 22, 2022

While waiting for the deployment automation (#6), we should write the installation steps in the readme:

  • How to deploy the custom policies in AAD B2C
  • How to deploy and configure the SPIDProxy
  • How to get started with the demo.spid.gov.it environment
@fume fume added documentation Improvements or additions to documentation help wanted Extra attention is needed labels Jun 22, 2022
@fume fume pinned this issue Jun 22, 2022
@MarcoZama MarcoZama linked a pull request Oct 3, 2022 that will close this issue
@asorcinelli

Hi, I would like to try your solution. Is it still current? Does the installation documentation not yet exist?

@fume
Collaborator Author

fume commented May 14, 2024

Hi @asorcinelli, the solution is still current and widely used. Official docs are not yet available, but you can use the one available in #44.

@asorcinelli

Hi @fume, thanks for the reply. Yes, I saw the documentation and managed to set up the entire environment. I have a problem, but I don't want to dwell on it here as I don't think it's the right place. Could I contact you somehow and explain the problem? Maybe you can help me. Thank you.

@gicaz

gicaz commented Oct 4, 2024

Hi @fume, thanks for all your teamwork. I followed the documentation and configured the entire environment, but I have a problem with the response from the proxy to Azure B2C: I always receive an error from B2C: "The service provider is not a valid audience of the assertion". I checked all the available docs and I suppose the problem is in the parameter configuration of the proxy. I have some doubts about the last section of the documentation, where you explain how to configure the app settings of the proxy.
This is our configuration:

"Federator": {
  "MetadataUrl": "https://xxxx.xxxx.it/metadata/metadata.xml",
  "SPIDEntityId": "https://xxxx.xxxx.it",
  "CIEEntityId": "https://xxx.xxxxx.it",
  "EntityId": "https://xxxx.xxxxx.it", //or IdentityExperienceFrameworkAppId???
  "FederatorAttributeConsumerServiceUrl": "https://xxxx.b2clogin.com/xxxx.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer",
},
https://xxxx.xxxx.it is the public URL where we deployed your proxy solution.

I suppose the problem is with the EntityId parameter that is involved in the audience settings of the requests.
On the EntityId parameter, I tried to set the IdentityExperienceFrameworkAppId, but it still did not work.

Do the parameters seem right to you? Do you notice any mistakes? If you are available, I could contact you or someone on your team to help me resolve this issue. Thank you.

@fume
Collaborator Author

fume commented Oct 7, 2024

Hi @gicaz,
I apologize for the late reply!

Could you please share a SAMLTrace of the authentication process? That would definitely help to troubleshoot the error, but most probably you are right: something in the SPIDProxy setting could be wrong.

As a recap:

  • MetadataUrl: unused 😄
  • SPIDEntityId: is the entityId of the metadata sent to AgID (or uploaded on the Demo SPID Gov environment)
  • CIEEntityId: is the entityID of the metadata uploaded on the 'Portale Federazione CIE'. Could be the same as SPIDEntityId
  • EntityId: is the entityId of AAD B2C (usually something like 'https://your-tenant.b2clogin.com/your-tenant.onmicrosoft.com/B2C_1A_TrustFrameworkBase')
  • FederatorAttributeConsumerServiceUrl: is the endpoint where the SPIDProxy should forward the samlresponse. Your value format seems correct to me

@gicaz

gicaz commented Oct 8, 2024

Hi @fume, thank you very much for your reply. Now it works!
I made a mistake with the EntityID parameter as I had assumed.
I configured the EntityID as you described and the authentication was completed successfully.
Now I correctly receive the JWT from Azure B2C and log in to the test app.
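
Added example, not part of the thread or the project's code: a small Python check that reads the Audience values from a captured SAML response (for instance one copied from a SAML trace) and compares them with the AAD B2C entityId format given in the recap above. The sample response, `https://proxy.example.it` and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Placeholder entityId in the format given in the recap (not a real tenant).
B2C_ENTITY_ID = ("https://your-tenant.b2clogin.com/"
                 "your-tenant.onmicrosoft.com/B2C_1A_TrustFrameworkBase")

# Constructed sample, not a real trace: the Audience is the proxy's own URL.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://proxy.example.it</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def decode_post_binding(saml_response: str) -> str:
    """Decode the base64 SAMLResponse form field of an HTTP-POST binding."""
    return base64.b64decode(saml_response).decode("utf-8")


def audiences(xml_text: str) -> list[str]:
    """Return every Audience value in the response (signature is NOT verified)."""
    root = ET.fromstring(xml_text)
    path = ".//saml:AudienceRestriction/saml:Audience"
    return [(el.text or "").strip() for el in root.findall(path, NS)]


def _norm(uri: str) -> str:
    return uri.rstrip("/").lower()


def check_audience(xml_text: str, expected: str) -> tuple[bool, str]:
    """Audience comparison is an exact string match on the entityId."""
    found = audiences(xml_text)
    if not found:
        return False, "no AudienceRestriction in the assertion"
    if expected in found:
        return True, "audience matches"
    if any(_norm(a) == _norm(expected) for a in found):
        return False, f"near miss (case or trailing slash): {found}"
    return False, f"audience {found} does not include {expected}"
```

Run it only on traces from your own test environment; it is a troubleshooting aid and does not validate signatures or any other condition of the assertion.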
