Adobe Experience Manager Sites & More

Hi everyone,

We are migrating our Azure AD B2C login systems, which are currently using SAML, to the OpenID Connect (OIDC) protocol. We came across this documentation: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/security/open-id...
and we are using it for our implementation.

The problem is that we are getting the following error:

Caused by: com.nimbusds.oauth2.sdk.GeneralException: The returned issuer doesn't match the expected: https://apexbrasilb2cdev.b2clogin.com/[my_tenant_id]/

even though we are setting the baseUrl correctly, as shown in the document:

"baseUrl": "https://apexbrasilb2cdev.b2clogin.com/[my_tenant_id]/[my_custom_policy]"


And the well-known configuration is located at:

https://apexbrasilb2cdev.b2clogin.com/[my_tenant_id]/[my_custom_policy]/v2.0/.well-known/openid-conf...


Inside the .well-known file, the issuer is defined as:

"issuer": "https://apexbrasilb2cdev.b2clogin.com/[my_tenant_id]/v2.0/"


My first question is whether this documentation and the native OIDC support for the publish tier works with Azure AD B2C (since the document only mentions Entra ID / Azure AD).

Second, what could be causing this error? Everything appears to be configured correctly.