Azure AD B2C custom policy get ClientId in SAML integration

I'm building a custom AAD B2C policy for a tenant which provides authentication for several apps, some of which use OIDC and some of which use SAML. The SAML apps all use the same sign-up/sign-in relying party policy, and all the OIDC apps use a different relying party policy. One thing in common for the sign-in user journey in all the apps is they need to call an API passing the app id as a parameter. This is straightforward for OIDC with the {OIDC:ClientId} claims resolver, however I'm not sure how to do this for SAML, as there isn't a similar claims resolver. The solution I've found for now is to create individual relying party policies for each SAML app and hard-code the app id in the policy. Is there a better solution to this problem?

Looking at the decoded payload of the request sent to the SAML policy, it looks like the following:

<?xml version="1.0"?>
<samlp:AuthnRequest 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    Destination="https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/mySamlPolicy/samlp/sso/login"
    ID="_xxxxxxxxxxxxx" 
    IssueInstant="2022-02-23T11:55:27Z" 
    Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://example.com/path</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>
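The SAML counterpart of the OIDC client_id is the entity ID carried in the request's <saml:Issuer> element, which is visible in the decoded payload above. The following Python example is added here and is not part of the question or the answer: it decodes a SAMLRequest parameter as it arrives over the HTTP-Redirect binding (base64 of raw DEFLATE) or the HTTP-POST binding (plain base64), extracts the Issuer, and maps it to an app id through an explicit allowlist of registered SAML apps, refusing any issuer that is not registered. The sample request, the registered-app mapping and the app id values are constructed placeholders. Azure AD B2C's claims-resolver documentation lists a {SAML:Issuer} resolver for this same element; it is not mentioned on this page, so verify it against the current docs before building a policy on it.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample request, mirroring the decoded payload shown in the question.
SAMPLE_AUTHN_REQUEST = """<?xml version="1.0"?>
<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/mySamlPolicy/samlp/sso/login"
    ID="_constructed-request-id"
    IssueInstant="2022-02-23T11:55:27Z"
    Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://example.com/path</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>"""

# Constructed allowlist: SAML entity IDs of the registered apps -> the app id the API expects.
# Only issuers listed here are accepted; anything else is rejected rather than trusted.
REGISTERED_SAML_APPS = {
    "https://example.com/path": "app-id-placeholder-1",
    "https://example.org/other-app": "app-id-placeholder-2",
}


def decode_saml_request(encoded: str, redirect_binding: bool) -> bytes:
    """Undo the transport encoding of a SAMLRequest parameter.

    HTTP-Redirect binding: base64 of raw DEFLATE (no zlib header, hence wbits=-15).
    HTTP-POST binding: plain base64 of the XML.
    """
    raw = base64.b64decode(encoded, validate=True)
    if redirect_binding:
        raw = zlib.decompress(raw, -15)
    return raw


def extract_issuer(xml_bytes: bytes) -> str:
    """Return the <saml:Issuer> value of an AuthnRequest; reject any other document."""
    # For untrusted input in production, prefer defusedxml.ElementTree.fromstring,
    # which refuses the entity-expansion tricks the stdlib parser still accepts.
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"expected samlp:AuthnRequest, got {root.tag}")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no usable saml:Issuer")
    return issuer.text.strip()


def resolve_app_id(issuer: str) -> str:
    """Map a registered SAML issuer to its app id; an unknown issuer is an error, not a default."""
    try:
        return REGISTERED_SAML_APPS[issuer]
    except KeyError:
        raise LookupError(f"issuer {issuer!r} is not a registered SAML app") from None


def app_id_from_request(encoded: str, redirect_binding: bool = True) -> str:
    """Full path: transport decoding -> issuer extraction -> allowlist lookup."""
    return resolve_app_id(extract_issuer(decode_saml_request(encoded, redirect_binding)))


def encode_redirect_request(xml_text: str) -> str:
    """Build a SAMLRequest value the way a service provider does for the Redirect binding.

    Used here only to produce a round-trip input for the demo.
    """
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    return base64.b64encode(deflated).decode("ascii")


if __name__ == "__main__":
    encoded = encode_redirect_request(SAMPLE_AUTHN_REQUEST)
    print("issuer :", extract_issuer(SAMPLE_AUTHN_REQUEST.encode("utf-8")))
    print("app id :", app_id_from_request(encoded))
```

The allowlist is the important part: the Issuer is asserted by the service provider, so it identifies which app is asking only after it has been matched against the apps you actually registered, which is the same trust decision the per-app relying party policies in the question make by hard-coding the id.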


Solution 1:

ClientID is part of the OIDC spec.

It is not part of SAML.

SAML returns a SAML token in XML and APIs generally require a JWT in JSON.

The SAML spec doesn't really cater for REST APIs.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution 1: rbrayb