Wednesday, November 27, 2019

Include the App Role in Azure AD Enterprise Application SAML response

This post only covers including the App Role in the SAML response.

Please refer to the following posts for setting up the App Role and setting up SAML SSO.

Once the App Role is set up, user.assignedroles becomes available as a source attribute when you add a claim (Enterprise applications > your app > Single sign-on > User Attributes & Claims). Only roles actually assigned to the user, directly or through a group, are emitted; a user with no assignment gets no role values, so the application should treat a missing role claim as no access rather than as a default role.

Select it from the Source attribute drop-down when you add the claim.
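What the service provider does with the claim once it arrives, as an added example that is not part of the original post: the code below extracts the role values from a SAML response and makes an authorization decision that fails closed when the attribute is absent. The assertion is a constructed sample, not one captured from a tenant, and it assumes the claim was named with the standard role claim URI (use whatever Name you configured). It also assumes the response signature has already been verified by your SAML library; parsing roles out of an unverified response lets anyone mint their own Admin.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Assumption: the claim was given the conventional role claim name.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Constructed sample response (not captured from a real tenant). The
# Signature element is omitted because this code runs after verification.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2019-11-27T00:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-11-27T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/11111111-2222-3333-4444-555555555555/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@contoso.example</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>alice@contoso.example</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <saml:AttributeValue>Admin</saml:AttributeValue>
        <saml:AttributeValue>Viewer</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_roles(response_xml, claim_name=ROLE_CLAIM):
    """Return the role values carried by the (already verified) response.

    A user with no app role assignment gets no role attribute, and this
    returns [] in that case so that callers fail closed.
    """
    root = ET.fromstring(response_xml)
    roles = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != claim_name:
            continue
        # One Attribute may carry several AttributeValue children,
        # one per assigned app role.
        for value in attr.findall("saml:AttributeValue", NS):
            text = (value.text or "").strip()
            if text:
                roles.append(text)
    return roles


def authorize(roles, required):
    """Allow only if the user holds at least one of the required app roles."""
    return bool(set(roles) & set(required))


if __name__ == "__main__":
    user_roles = extract_roles(SAMPLE_RESPONSE)
    print("roles:", user_roles, "admin allowed:", authorize(user_roles, {"Admin"}))
```

The role value strings are exactly the value fields from the app role manifest, which is why they are kept to single words without spaces.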



Setup App role in Enterprise App in Azure AD

I worked out the how-to from the Application roles article.

1. Go to Azure Active Directory > App Registrations


For step 5, some tips and rules to follow:

  • Keep displayName and value to one word each. value is emitted verbatim as the role value in the token, so it must not contain spaces. I learned this the hard way.
  • The id must be a GUID that is unique within the manifest. An online GUID generator works; so do uuidgen or PowerShell's New-Guid.
  • groupMembershipClaims controls whether Azure AD also emits a groups claim listing the user's group memberships. The default is null (no groups claim); "All" emits security groups, distribution lists and directory roles. This is separate from app roles: a user receives every app role assigned to them directly or through any of their groups whether or not this is set. See below:
"groupMembershipClaims": "All",


Once the manifest is saved, the new role is available when assigning users and groups.
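The rules from the tips above, applied to a manifest fragment before it is pasted into the portal. This is an added example, not code from the original post or from Microsoft: the appRoles fragment and its GUIDs are constructed for illustration, and the validator checks the points the manifest editor will reject (a value containing spaces, an id that is not a GUID or is reused, an unknown allowedMemberTypes or groupMembershipClaims value).

```python
import json
import uuid

# Constructed manifest fragment; the GUIDs are made up for this example.
# value is what lands in the roles claim, so it is a single word;
# displayName is what admins see in the Users and groups dialog.
MANIFEST_FRAGMENT = """{
  "appRoles": [
    {
      "allowedMemberTypes": ["User"],
      "description": "Full control of the application",
      "displayName": "Admin",
      "id": "b1f7a5c2-3d4e-4f60-8a1b-2c3d4e5f6a7b",
      "isEnabled": true,
      "value": "Admin"
    },
    {
      "allowedMemberTypes": ["User"],
      "description": "Read-only access",
      "displayName": "Viewer",
      "id": "c2a8b6d3-4e5f-4a71-9b2c-3d4e5f6a7b8c",
      "isEnabled": true,
      "value": "Viewer"
    }
  ],
  "groupMembershipClaims": "All"
}"""

ALLOWED_MEMBER_TYPES = {"User", "Application"}
GROUP_CLAIM_VALUES = {None, "None", "SecurityGroup", "ApplicationGroup",
                      "DirectoryRole", "All"}


def validate_manifest(text):
    """Return a list of problems found in the fragment; [] means it passes."""
    manifest = json.loads(text)
    problems = []
    seen_ids, seen_values = set(), set()
    for i, role in enumerate(manifest.get("appRoles", [])):
        where = f"appRoles[{i}]"
        value = role.get("value") or ""
        # value is emitted verbatim in the roles claim: one token, no spaces.
        if not value or any(ch.isspace() for ch in value):
            problems.append(f"{where}: value must be one word with no spaces")
        elif value in seen_values:
            problems.append(f"{where}: duplicate value {value!r}")
        seen_values.add(value)
        # id must parse as a GUID and be unique across the appRoles array.
        try:
            rid = str(uuid.UUID(str(role.get("id", ""))))
        except ValueError:
            problems.append(f"{where}: id is not a valid GUID")
        else:
            if rid in seen_ids:
                problems.append(f"{where}: duplicate id {rid}")
            seen_ids.add(rid)
        members = set(role.get("allowedMemberTypes", []))
        if not members or not members <= ALLOWED_MEMBER_TYPES:
            problems.append(f"{where}: allowedMemberTypes must be User and/or Application")
        if not isinstance(role.get("isEnabled"), bool):
            problems.append(f"{where}: isEnabled must be true or false")
        if not role.get("displayName"):
            problems.append(f"{where}: displayName is required")
    if manifest.get("groupMembershipClaims") not in GROUP_CLAIM_VALUES:
        problems.append("groupMembershipClaims must be one of "
                        "None, SecurityGroup, ApplicationGroup, DirectoryRole, All")
    return problems


if __name__ == "__main__":
    print(validate_manifest(MANIFEST_FRAGMENT) or "manifest fragment OK")
```

Run it on the fragment before saving the manifest; an empty list means the portal will accept the roles and the value strings will appear unchanged in the token.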

7. Go to Azure Active Directory > Enterprise applications > Your App > Users and groups > Add user



The assigned users and groups are then listed, each with the role it was given.


Ta-da, done~

Roles set up this way are defined in this application's manifest and apply to this application only. Whether the roles can instead be driven from Azure AD security groups, I haven't checked.


Friday, November 15, 2019

How to view jks file content

keytool -list -v -keystore [enter keystore file] -storepass [enter keystore password]

A couple of caveats. Leave -storepass out and keytool prompts for the password, which keeps it out of shell history and ps output. For a JKS store keytool lists the entries even without the password and only warns that the integrity check was not done: the store password protects the store's integrity, the certificates themselves are stored in the clear, and private keys are protected by their own key password. -v prints each certificate's subject, issuer, serial number and fingerprints; add -rfc to get the certificates in PEM form.
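What keytool -list is actually reading, as an added example that is not part of the original post: a minimal reader for the JKS container format (magic 0xFEEDFEED, version 2, tagged entries, then a 20-byte SHA-1 integrity tag keyed with the store password). It shows why the entries can be listed without the store password and what the password does protect. The keystore bytes are built by a small constructed writer in the same block, with placeholder DER blobs standing in for real certificates; no real keystore or password is used.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_VERSION = 2


def _utf(s):
    # DataOutputStream.writeUTF: 2-byte big-endian length, then UTF-8 bytes.
    raw = s.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def _integrity_digest(store_password, body):
    # The store password only keys an integrity tag: SHA-1 over the password
    # as UTF-16BE, the fixed string "Mighty Aphrodite", and every byte written
    # before the tag. Certificates are stored in the clear.
    h = hashlib.sha1()
    h.update(store_password.encode("utf-16-be"))
    h.update(b"Mighty Aphrodite")
    h.update(body)
    return h.digest()


def build_jks(entries, store_password):
    """Constructed writer, used here only to produce sample input.

    entries: (alias, "cert", cert_der) or (alias, "key", (enc_key, [cert_der, ...])).
    """
    body = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(entries))
    for alias, kind, payload in entries:
        if kind == "cert":  # tag 2: trustedCertEntry
            body += struct.pack(">I", 2) + _utf(alias) + struct.pack(">q", 0)
            body += _utf("X.509") + struct.pack(">I", len(payload)) + payload
        else:  # tag 1: PrivateKeyEntry with its certificate chain
            enc_key, chain = payload
            body += struct.pack(">I", 1) + _utf(alias) + struct.pack(">q", 0)
            body += struct.pack(">I", len(enc_key)) + enc_key
            body += struct.pack(">I", len(chain))
            for der in chain:
                body += _utf("X.509") + struct.pack(">I", len(der)) + der
    return body + _integrity_digest(store_password, body)


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")


def list_jks(data, store_password=None):
    """Return (entries, integrity_ok); integrity_ok is None without a password,
    mirroring keytool's 'integrity check not done' warning."""
    r = _Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore (PKCS12 stores start differently)")
    if r.u32() != JKS_VERSION:
        raise ValueError("unsupported JKS version")
    entries = []
    for _ in range(r.u32()):
        tag, alias = r.u32(), r.utf()
        r.take(8)  # creation timestamp in ms since the epoch, not needed here
        if tag == 1:
            r.take(r.u32())  # encrypted private key: opaque without the key password
            chain = []
            for _ in range(r.u32()):
                r.utf()  # certificate type, "X.509"
                chain.append(r.take(r.u32()))
            entries.append({"alias": alias, "type": "PrivateKeyEntry", "certs": chain})
        elif tag == 2:
            r.utf()
            entries.append({"alias": alias, "type": "trustedCertEntry",
                            "certs": [r.take(r.u32())]})
        else:
            raise ValueError(f"unknown entry tag {tag}")
    stored = r.take(20)
    if store_password is None:
        return entries, None
    expected = _integrity_digest(store_password, data[:r.pos - 20])
    return entries, hmac.compare_digest(stored, expected)


# Constructed sample: placeholder DER blobs stand in for real certificates.
FAKE_CA = b"\x30\x03\x02\x01\x01"
FAKE_LEAF = b"\x30\x03\x02\x01\x02"
SAMPLE_JKS = build_jks(
    [("rootca", "cert", FAKE_CA), ("server", "key", (b"\x00" * 16, [FAKE_LEAF, FAKE_CA]))],
    "changeit",
)

if __name__ == "__main__":
    for entry in list_jks(SAMPLE_JKS)[0]:
        print(entry["alias"], entry["type"], "chain length", len(entry["certs"]))
```

The reader deliberately never touches the private key bytes beyond skipping them; decrypting them needs the key password and the legacy JKS key cipher, which is a reason to migrate real stores to PKCS12.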