What does KMSI in Azure B2C actually DO

0 votes

We now know how to use (annoyingly complex) XML policy files to set up some UI for a checkbox. But what is this actually doing? Where is the info on this?

  • Is it providing the client a new ID Token without re-auth?
  • Is it providing a new auth_code?
  • Is it using a hidden i-frame?
  • How is a refresh actually called/accomplished from the client app? (SPA)
Apr 4 in Azure by Edureka
• 8,240 points
62 views

1 answer to this question.

0 votes
KMSI: Sets a persistent session cookie for the length of time you choose. It implies that even if the user closes the browser, they won't have to re-present credentials to AAD B2C the next time they visit your website. The greatest amount of time you may set this to is around 65 years.

No KMSI: Sets a session cookie (non-persistent). If users close their browser, they must give their credentials to AAD B2C the next time they visit your website. The longest period someone may connect without re-presenting credentials for your website is 24 hours if they didn't close the browser, simply the tab.

The above criteria apply to the login and token renewal processes while using KMSI + Implicit Flow (SPA). The AAD B2C cookie is utilised and a hidden iframe is used. To issue a new AT, it employs a hidden iframe that leverages the AAD B2C session cookie.

For token renewals where the refresh token is valid, the above requirements are disregarded. The rules above only apply if the Refresh Token has expired or is not available; otherwise, this is the fallback. Otherwise, they aren't relevant because the Refresh token flow isn't reliant on cookies. Tokens are valid for a maximum of 24 hours. The OIDC refresh token flow is performed via a hidden iframe. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.

KMSI + Code/PKCE (Web App) - For token renewals when the refresh token is valid, the above criteria are disregarded. The restrictions above only apply if the Refresh Token has expired or is not available. They don't apply if the Refresh token isn't used because cookies aren't used. The maximum refresh token lifetime is 90 days, after which you revert to using the cookie. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.
answered Apr 7 by Edureka
• 9,540 points
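To make the renewal order in the answer concrete, here is an added example (not code from the post or from Microsoft): a client-side model of the fallback chain (valid refresh token first, then the hidden iframe that rides on the B2C session cookie, then interactive sign-in), plus the `prompt=none` authorize request such an iframe loads. `TENANT`, `POLICY`, `CLIENT_ID`, the redirect URI and the function names are assumptions; the b2clogin.com path layout is the standard B2C one.

```javascript
// Added example, not from the post. TENANT/POLICY/CLIENT_ID are constructed
// placeholders; replace them with the values of your own B2C tenant.
const TENANT = "contoso";
const POLICY = "B2C_1_signin";
const CLIENT_ID = "00000000-0000-0000-0000-000000000000";

// Pick the renewal path from what the client currently holds. Order follows
// the answer: a still-valid refresh token needs no cookie at all; otherwise the
// hidden iframe works only while the B2C session cookie is alive (24h session
// cookie, or the long-lived KMSI cookie); otherwise the user must sign in again.
function renewalStrategy({ refreshTokenExpiresAt, sessionCookieAlive, now }) {
  if (refreshTokenExpiresAt && refreshTokenExpiresAt > now) return "refresh_token";
  if (sessionCookieAlive) return "hidden_iframe";
  return "interactive";
}

// Build the OIDC authorize URL the hidden iframe loads. prompt=none tells B2C
// to answer from the session cookie only and never render UI; a dead cookie
// yields an error response (e.g. login_required) instead of a login page.
function silentAuthorizeUrl({ redirectUri, nonce, scope, responseType }) {
  const base = `https://${TENANT}.b2clogin.com/${TENANT}.onmicrosoft.com/${POLICY}/oauth2/v2.0/authorize`;
  const params = new URLSearchParams({
    client_id: CLIENT_ID,
    response_type: responseType, // "id_token token" (implicit) or "code" (PKCE)
    redirect_uri: redirectUri,
    scope,
    nonce,
    prompt: "none",
    response_mode: "fragment",
  });
  return `${base}?${params.toString()}`;
}

// Browser only: load the URL in an invisible iframe and resolve with the
// fragment the redirect page posts back to the opener; reject on timeout.
// Only messages from our own origin and from this frame are accepted.
function renewInHiddenIframe(url, timeoutMs = 10000) {
  return new Promise((resolve, reject) => {
    const frame = document.createElement("iframe");
    frame.style.display = "none";
    const timer = setTimeout(() => { cleanup(); reject(new Error("silent renewal timed out")); }, timeoutMs);
    function cleanup() { clearTimeout(timer); window.removeEventListener("message", onMessage); frame.remove(); }
    function onMessage(ev) {
      if (ev.origin !== window.location.origin || ev.source !== frame.contentWindow) return;
      cleanup();
      resolve(new URLSearchParams(String(ev.data).replace(/^#/, "")));
    }
    window.addEventListener("message", onMessage);
    document.body.appendChild(frame);
    frame.src = url;
  });
}
```

The redirect page referenced by `redirectUri` is expected to `postMessage` its `location.hash` back to `window.parent`; a response carrying `error=login_required` means the session cookie is gone and the client should fall through to interactive sign-in.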
