I'm trying to get Azure AD to generate SAML tokens to allow login for an external website (not using Azure in any way)
However, I think I don't get some of the basics here. I know SAML/IdP/RP/SP, but I can't find the right menus/settings in Azure AD.
I've got a website like:
to which, normally, end users browse (http) and then automatically/immediately are redirected (GET) to something like:
There they use a login form to supply username/password (unless they are already logged in to the idp-service), and they are then redirected (POST) to:
with a SAMLResponse that contains a token that mysite.com may use to allow the end user access. And everyone is happy :-)
However, now I'd like to stop using idp-service.com and instead use Azure AD.
Thus, I bought an "Azure Premium" account and created an "app registration", where I entered:
Home page URL: www.mysite.com/login-page
Reply URL: www.mysite.com/logged-in-page
Now, when "starting the external app" from the Azure portal, I do get redirected to this mysite page - but I then of course need some URL to redirect the user back to the Azure IDP again, to request a SAML token.
I understand that I probably should use some endpoint URL with parameters "client_id" or similar, but I honestly cannot understand how to find/determine the correct URL?
Also, how do I get hold of the (public) certificate that I should copy to mysite.com and use to verify the signature?
The app registration properties specify something like:
Application ID: XXX-YYY-ZZZ
App ID URI: https://mysite.onmicrosoft.com/XXX-YYY-ZZZ
...but I don't get how to construct the URL that will let end users login to Azure, and eventually be redirected to the mysite reply URL.
Any suggestions? Or am I missing some very basic prerequisite here?
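The two service-provider (SP) pieces the question describes, the redirect that sends the browser to the IdP and the handling of the SAMLResponse that comes back, as an added example that is not part of the question or of any answer. It is standard-library Python only. The IdP sign-on URL, SP entity ID and reply URL are constructed placeholders, and the `make_sample_response` helper produces an unsigned sample purely so the checks can be exercised offline. It deliberately does not implement XML signature verification: in a real SP the signature on the Response/Assertion must be verified against the IdP's published certificate (for example with a SAML library) before any of the values checked below are trusted, and the functions here cover only the remaining checks (Destination, InResponseTo, Status, Issuer, validity window, Audience).

```python
"""SP-side SAML helpers (added example): build an SP-initiated AuthnRequest for the
HTTP-Redirect binding, decode it again, and validate the non-signature conditions
of a SAMLResponse. Signature verification against the IdP certificate is NOT
implemented here and must be done separately before these values are trusted."""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed placeholders for this example; substitute the tenant's real
# SAML sign-on endpoint, the SP entity ID and the reply (ACS) URL.
IDP_SSO_URL = "https://idp.example.test/saml2"
SP_ENTITY_ID = "https://www.mysite.com/saml/metadata"
SP_ACS_URL = "https://www.mysite.com/logged-in-page"


def build_redirect_url(request_id=None, relay_state=None):
    """Return (url, request_id). The AuthnRequest is raw-DEFLATEd, base64-encoded
    and placed in the SAMLRequest query parameter, as the HTTP-Redirect binding
    requires. The SP must remember request_id to check InResponseTo later."""
    request_id = request_id or "_" + uuid.uuid4().hex
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="{p}" xmlns:saml="{a}" ID="{id}" Version="2.0" '
        'IssueInstant="{ts}" Destination="{dest}" AssertionConsumerServiceURL="{acs}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        '<saml:Issuer>{iss}</saml:Issuer></samlp:AuthnRequest>'
    ).format(p=NS["samlp"], a=NS["saml"], id=request_id,
             ts=datetime.now(timezone.utc).strftime(TS_FMT),
             dest=IDP_SSO_URL, acs=SP_ACS_URL, iss=SP_ENTITY_ID)
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if relay_state:
        params["RelayState"] = relay_state
    return IDP_SSO_URL + "?" + urlencode(params), request_id


def decode_redirect_url(url):
    """What the IdP does on receipt: URL-decode, base64-decode, inflate.
    Returns the AuthnRequest element's attributes as a dict."""
    query = parse_qs(urlparse(url).query)
    xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
    return ET.fromstring(xml).attrib


def _ts(value):
    return datetime.strptime(value, TS_FMT).replace(tzinfo=timezone.utc)


def validate_response(response_b64, expected_request_id, expected_issuer, now=None):
    """Enforce the conditions an SP must check on a SAMLResponse (after the XML
    signature has been verified elsewhere). Returns the NameID or raises ValueError."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    if root.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination does not match our reply URL")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in Response")
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("unexpected assertion Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion is not addressed to this SP")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def make_sample_response(request_id, issuer, audience=SP_ENTITY_ID, valid_for=300, status=SUCCESS):
    """Constructed, UNSIGNED sample SAMLResponse (base64) for exercising the checks."""
    now = datetime.now(timezone.utc)
    xml = (
        '<samlp:Response xmlns:samlp="{p}" xmlns:saml="{a}" ID="_r1" Version="2.0" '
        'IssueInstant="{ts}" Destination="{acs}" InResponseTo="{rid}">'
        '<saml:Issuer>{iss}</saml:Issuer><samlp:Status><samlp:StatusCode Value="{st}"/></samlp:Status>'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="{ts}"><saml:Issuer>{iss}</saml:Issuer>'
        '<saml:Subject><saml:NameID>alice@mysite.com</saml:NameID></saml:Subject>'
        '<saml:Conditions NotBefore="{nb}" NotOnOrAfter="{noa}"><saml:AudienceRestriction>'
        '<saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion></samlp:Response>'
    ).format(p=NS["samlp"], a=NS["saml"], ts=now.strftime(TS_FMT), acs=SP_ACS_URL, rid=request_id,
             iss=issuer, st=status, nb=(now - timedelta(seconds=60)).strftime(TS_FMT),
             noa=(now + timedelta(seconds=valid_for)).strftime(TS_FMT), aud=audience)
    return base64.b64encode(xml.encode()).decode()
```

The login page would send the browser to the URL returned by `build_redirect_url` and store the returned request ID in the session; the reply page would take the posted SAMLResponse, verify its signature with the IdP's certificate, and only then call `validate_response` with that stored ID. Passing a fixed `now` makes the validity-window check reproducible in tests.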