What does KMSI in Azure B2C actually DO

0 votes

We now know how to use (annoyingly complex) XML policy files to set up some UI for a checkbox. But what is this actually doing? Where is the info on this?

  • Is it providing the client a new ID Token without re-auth?
  • Is it providing a new auth_code?
  • Is it using a hidden i-frame?
  • How is a refresh actually called/accomplished from the client app? (SPA)
Apr 4, 2022 in Azure by Edureka
• 12,890 points
369 views

1 answer to this question.

0 votes
KMSI: Sets a persistent session cookie for the length of time you choose. It implies that even if the user closes the browser, they won't have to re-present credentials to AAD B2C the next time they visit your website. The greatest amount of time you may set this to is around 65 years.

Without KMSI, it sets a (non-persistent) session cookie. If users close their browser, they must give their credentials to AAD B2C the next time they visit your website. The longest period someone may connect without re-presenting credentials for your website is 24 hours if they didn't close the browser, only the tab.

The above criteria apply to the login and token renewal processes while using KMSI + Implicit Flow (SPA). The AAD B2C cookie is utilised and a hidden iframe is used. To issue a new AT, it employs a hidden iframe that leverages the AAD B2C session cookie.

For token renewals where the refresh token is valid, the above requirements are disregarded. The rules above only apply if the refresh token has expired or is not available; that is the fallback. Otherwise, they aren't relevant because the refresh token flow isn't reliant on cookies. Tokens are valid for a maximum of 24 hours. The OIDC refresh token flow is performed via a hidden iframe. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.

KMSI + Code/PKCE (Web App) - For token renewals when the refresh token is valid, the above criteria are disregarded. The restrictions above only apply if the refresh token has expired or is not available. They don't apply if the refresh token isn't used because cookies aren't used. The maximum refresh token lifetime is 90 days, after which you revert to using the cookie. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.
answered Apr 7, 2022 by Edureka
• 11,450 points
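As an added example (not from the question, the answer, or Microsoft's own code), the renewal fallback order the answer lays out, written as a small JavaScript decision function: a valid refresh token wins and needs no cookie; otherwise the hidden iframe relies on the B2C cookie, whose usable lifetime depends on KMSI; otherwise the user must sign in again. The state fields, the use of hours as the time unit, and the cap constants are assumptions built from the figures quoted in the answer.

```javascript
// Constructed model of the answer's rules; all limits are taken from the answer above.
const HOUR = 1;
const DAY = 24 * HOUR;
const MAX_SESSION_COOKIE_HOURS = 24 * HOUR;     // non-persistent B2C session cookie
const MAX_REFRESH_TOKEN_HOURS = 90 * DAY;       // longest refresh token (code/PKCE)
const MAX_KMSI_COOKIE_HOURS = 65 * 365 * DAY;   // KMSI persistent cookie, "around 65 years"

/**
 * state (assumed shape, times in hours since an arbitrary epoch):
 *   refreshTokenIssuedAt   number|null  null when the app holds no refresh token
 *   refreshTokenLifetime   number       configured lifetime, capped at 90 days
 *   cookieIssuedAt         number       when the B2C SSO cookie was set
 *   kmsi                   boolean      user ticked "keep me signed in"
 *   kmsiLifetime           number       configured KMSI lifetime, capped at ~65 years
 *   browserClosed          boolean      a session cookie does not survive this
 * Returns which mechanism renews the token and whether the user must re-authenticate.
 */
function renewalPath(state, now) {
  // 1. Refresh-token flow: independent of cookies, so it is tried first.
  if (state.refreshTokenIssuedAt !== null) {
    const lifetime = Math.min(state.refreshTokenLifetime, MAX_REFRESH_TOKEN_HOURS);
    if (now - state.refreshTokenIssuedAt < lifetime) {
      return { mechanism: 'refresh_token', reauthRequired: false };
    }
  }
  // 2. Fallback: hidden iframe against the B2C cookie, which yields a new auth code.
  const cookieAge = now - state.cookieIssuedAt;
  if (state.kmsi) {
    const lifetime = Math.min(state.kmsiLifetime, MAX_KMSI_COOKIE_HOURS);
    if (cookieAge < lifetime) {
      return { mechanism: 'hidden_iframe_persistent_cookie', reauthRequired: false };
    }
  } else if (!state.browserClosed && cookieAge < MAX_SESSION_COOKIE_HOURS) {
    return { mechanism: 'hidden_iframe_session_cookie', reauthRequired: false };
  }
  // 3. Nothing usable is left: the user sees the B2C sign-in page again.
  return { mechanism: 'interactive_login', reauthRequired: true };
}
```

Feed it the same state at increasing `now` values to see where a deployment's silent renewal stops working and a login prompt appears.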
