SSO with Atlassian Cloud using Azure B2C as SAML and replyUrlsWithType not supporting query strings

Question

Trying to enable SSO with Atlassian Cloud using Azure B2C as SAML provider. I have been able to make considerable progress using the claim policies, which are well described in azure B2C documentation. https://learn.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers

However, I am stuck at the last step setting the Atlassian cloud SP Assertion Consumer Service URL in the Azure B2C portal in the SAML app manifest as the replyUrlsWithType. However, the url from the Atlassian cloud contains a query string, which for security reasons is not allowed by Azure B2C.

replyUrlsWithType": [        
{            "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",            
"type": "Web"        }

is not allowed in the manifest by the azure B2C. Not surprisingly when I remove the query string part I get the error url:

https://id.atlassian.com/login/callback?continue=https%3A%2F%2Fadmin.atlassian.com%2Fo%2F%2Fsaml%3Fare%3Daid&error=unauthorized&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2F1ea877e2-b5d4-49f1-934b-dfed837fde26%22%20in%20AuthRequest%20does%20not%20have%20assertion%20consumer%20service%20URL%20%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22%20specified%20in%20its%20metadata.&state=eyJ1c2V

This is not surprising given the requirement. I am wondering if there is a workaround from atlassian or Azure. I believe some organizations have been able to successfully implement SSO with azure B2C, any help from them will be appreciated. Thanks Ajay

Answer 1

Yes, we are aware about this issue. Try adding the "/" after callback and before the "?" of your query string.