What does KMSI in Azure B2C actually DO

0 votes

 we now know how to use (annoyingly complex) XML policy files to set up some UI for a checkbook. But what is this actually doing? Where is the info on this?

  • Is it providing the client a new ID Token without re-auth?
  • Is it providing a new auth_code?
  • Is it using a hidden i-frame?
  • How is a refresh actually called/accomplished from the client app? (SPA)
Apr 4, 2022 in Azure by Edureka
• 13,620 points
1,350 views

1 answer to this question.

0 votes
KMSI: Sets a persistent session cookie for the length of time you choose. It implies that even if the user closes the browser, they won't have to re-present credentials to AAD B2C the next time they visit your website. The greatest amount of time you may set this to is around 65 years.

Sets a session cookie when there is no KMSI (non persistent). If users close their browser, they must give their credentials to AAD B2C the next time they visit your website. The longest period someone may connect without re-presenting credentials for your website is 24 hours if they didn't close the browser, simply the tab.

The above criteria apply to the login and token renewal processes while using KMSI + Implicit Flow (SPA). The AAD B2C cookie is utilised and a hidden iframe is used. To issue a new AT, it employs a hidden iframe that leverages the AAD B2C session cookie.

For token renewals where the refresh token is valid, the above requirements are disregarded. The rules above only apply if the Refresh Token has expired or is not available; otherwise, this is the fallback. Otherwise, they aren't relevant because the Refresh token flow isn't reliant on cookies. Tokens are valid for a maximum of 24 hours. The OIDC refresh token flow is performed via a hidden iframe. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.

KMSI + Code/PKCE (Web App) - For token renewals when the refresh token is valid, the above criteria are disregarded. The restrictions above only apply if the Refresh Token has expired or is not available. They don't apply if Refresh token isn't used because cookies aren't used. The maximum refresh token is 90 days, after which you revert to using the cookie. However, you will receive a new Auth Code after the AAD B2C session cookie is processed.
answered Apr 7, 2022 by Edureka
• 12,690 points

Related Questions In Azure

0 votes
0 answers

What is the role of Advanced SME in Azure Synapse Analytics?

I watched a training video for Azure ...READ MORE

Feb 14, 2023 in Azure by Damonlang
• 1,230 points
403 views
0 votes
1 answer

What is resource group in Azure?

In Microsoft Azure, a resource group is ...READ MORE

answered Nov 2, 2023 in Azure by anonymous
• 3,360 points
469 views
0 votes
1 answer

What is DTU in Azure?

In the context of Microsoft Azure, DTU ...READ MORE

answered Dec 4, 2023 in Azure by Kalidas
515 views
0 votes
1 answer

What is ADF in Azure?

ADF stands for Azure Data Factory, which ...READ MORE

answered Feb 19 in Azure by Preetha
394 views
0 votes
0 answers

How to delete Azure DevOps enterprise application?

I have an Azure AD B2C tenant ...READ MORE

Mar 26, 2022 in Other DevOps Questions by Kichu
• 19,050 points
395 views
0 votes
0 answers

Azure AD vs Azure AD B2C vs Azure AD B2B

Prior to the introduction of Azure AD ...READ MORE

Apr 12, 2022 in Azure by Edureka
• 13,620 points
1,012 views
0 votes
0 answers

Azure DevOps REST API Authentication with PKCE

Does Azure DevOps REST API support OAuth ...READ MORE

Apr 17, 2022 in Other DevOps Questions by Kichu
• 19,050 points
572 views
0 votes
1 answer
0 votes
1 answer

Azure Search synonyms not reflecting in results

You most certainly should. If the words ...READ MORE

answered Mar 2, 2022 in Azure by Edureka
• 12,690 points
793 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP