diff options
Diffstat (limited to 'doc/administration/auth/oidc.md')
-rw-r--r-- | doc/administration/auth/oidc.md | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md index 60a4cc8706f..8c5bf96e99e 100644 --- a/doc/administration/auth/oidc.md +++ b/doc/administration/auth/oidc.md @@ -250,8 +250,8 @@ but `LocalAccounts` works for authenticating against local, Active Directory acc <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" PartnerClaimType="email" /> ``` -1. For OIDC discovery to work with B2C, the policy must be configured with an issuer compatible with the [OIDC - specification](https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.4.3). +1. For OIDC discovery to work with B2C, the policy must be configured with an issuer compatible with the + [OIDC specification](https://openid.net/specs/openid-connect-discovery-1_0.html#rfc.section.4.3). See the [token compatibility settings](https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-tokens?pivots=b2c-custom-policy#token-compatibility-settings). In `TrustFrameworkBase.xml` under `JwtIssuer`, set `IssuanceClaimPattern` to `AuthorityWithTfp`: @@ -529,8 +529,7 @@ If you're having trouble, here are some tips: 1. Check your system clock to ensure the time is synchronized properly. -1. As mentioned in [the - documentation](https://github.com/m0n9oose/omniauth_openid_connect), +1. As mentioned in [the documentation](https://github.com/m0n9oose/omniauth_openid_connect), make sure `issuer` corresponds to the base URL of the Discovery URL. For example, `https://accounts.google.com` is used for the URL `https://accounts.google.com/.well-known/openid-configuration`. @@ -540,5 +539,4 @@ If you're having trouble, here are some tips: If you are seeing 401 errors upon retrieving the `userinfo` endpoint, you may want to check your OpenID Web server configuration. For example, for [`oauth2-server-php`](https://github.com/bshaffer/oauth2-server-php), you - may need to [add a configuration parameter to - Apache](https://github.com/bshaffer/oauth2-server-php/issues/926#issuecomment-387502778). + may need to [add a configuration parameter to Apache](https://github.com/bshaffer/oauth2-server-php/issues/926#issuecomment-387502778). |