Unnecessary request to Azure B2C for 2nd application login

Hey all,

Setup:

  • Applications A and B (Both .Net Framework)
  • Auth0 (Actually a double setup with Product Group Tenant and Master Tenant, but that is probably not relevant for this setup)
  • External IDP > Azure B2C (SAML Connection)

We are experiencing a problem when logging in with Auth0. When I'm logged in with App A and use Azure B2C for authentication, everything is going great. The user is successfully logged in to application A and also in Azure.
Problem starts when logging in with App B. Whenever a user does that, a call to Auth0 will be done to authenticate, but also to Azure B2C.
Why is the call to Azure B2C made, when I have already logged into Auth0? The same call in IdentityServer does not progress beyond Identityserver itself, which is as expected?

What can trigger this behavior?

  • Requested scope is similar, although App B requests less.
  • App B requests more token types: App A requests id_token and code, while B also requests the access token right away.
  • Endpoints are the same
  • Connection is the same (SAML)

Regards,

Freek

After talking to Auth0 support, this appears to be default functionality in Auth0 whenever you send in a connection parameter. If you for instance link to Azure Entra as IDP, and do a request to login with an added connection for the Azure Entra IDP, it will always bubble up all the way to Azure.

If you omit the connection, this behavior will not occur.
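As an added example, not code from the original thread or from Auth0: building the Auth0 /authorize request for App A (pinned to the SAML connection) and App B (no `connection` parameter), plus a small audit helper that flags requests which would always force the round-trip to Azure B2C. The tenant domain, client ids, redirect URIs and connection name are placeholders.

```python
# Added example (not from the original post). Shows the difference between an
# /authorize request that carries `connection` (always bubbles up to the
# external IdP, per Auth0 support in the thread) and one that omits it (lets
# Auth0 reuse its existing session). All identifiers below are placeholders.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTH0_DOMAIN = "example-tenant.auth0.com"  # placeholder, not the poster's tenant


def build_authorize_url(client_id, redirect_uri, scope, response_type,
                        connection=None):
    """Return an Auth0 /authorize URL. Passing `connection` pins the request
    to that IdP connection; omit it so Auth0 can reuse its own session."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": response_type,
        "scope": scope,
        "state": secrets.token_urlsafe(16),  # CSRF protection, verify on return
        "nonce": secrets.token_urlsafe(16),  # binds the id_token to this request
    }
    if connection is not None:
        params["connection"] = connection
    return f"https://{AUTH0_DOMAIN}/authorize?{urlencode(params)}"


def forces_upstream_idp(url):
    """True if the URL carries a `connection` parameter, meaning Auth0 will
    redirect to that IdP regardless of an existing Auth0 session."""
    return "connection" in parse_qs(urlparse(url).query)


# App A: first login, explicitly routed to the SAML connection (placeholder name).
app_a_url = build_authorize_url("app-a-client-id",
                                "https://app-a.example/callback",
                                "openid profile email", "code id_token",
                                connection="azure-b2c-saml")

# App B: second login; no `connection`, so the existing Auth0 session is reused.
app_b_url = build_authorize_url("app-b-client-id",
                                "https://app-b.example/callback",
                                "openid profile", "code id_token token")
```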
