mkavinsky

asked on

How do I make the application an IdP initiated request in Azure AD (Enterprise Apps)?

Need assistance with an Azure AD enterprise app configuration for SSO SAML. Getting an error: "AADSTS500031: Cannot find signing certificate configured". So I was told by the app provider that a signing certificate is not needed if doing an IdP initiated request.


Aard Vark

Whether you're using SP-init or IdP-init you're going to be signing your SAML assertion (and you should). Just install the SAML signing certificate from Azure AD. From https://portal.azure.com:
  1. Open Azure AD.
  2. Select Enterprise applications.
  3. Find your application.
  4. Select Single sign-on.
  5. In Section 3, if the certificate has not expired (they last 3 years), download the Base64 certificate; otherwise select Edit.
  6. Create a new certificate, download it, install it on the SP, and activate the certificate in Azure AD.
Managing SAML signing certificates is very easy.
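
As an added example (not part of the original answer, and not Azure AD or vendor code): a structural check an SP-side administrator can run on a captured SAML Response to see whether it is IdP-initiated (no `InResponseTo`) and where a signature is present. The function names and the sample messages are constructed for illustration; the check does not validate the signature itself.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 and XML-DSig namespaces.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def inspect_response(xml_text):
    """Report the flow type and where signatures appear in a SAML Response.

    Structural check only: the SP must still verify the signature
    cryptographically against the IdP's signing certificate.
    """
    # For untrusted input, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    assertion = root.find("saml:Assertion", NS)
    # An enveloped ds:Signature is a direct child of the element it signs.
    response_signed = root.find("ds:Signature", NS) is not None
    assertion_signed = (assertion is not None
                        and assertion.find("ds:Signature", NS) is not None)
    return {
        # An IdP-initiated response answers no AuthnRequest, so it has no InResponseTo.
        "flow": "SP-initiated" if root.get("InResponseTo") else "IdP-initiated",
        "response_signed": response_signed,
        "assertion_signed": assertion_signed,
        # Unsigned in both places means there is nothing for the SP to trust.
        "acceptable": response_signed or assertion_signed,
    }

def _sample(in_response_to, signed):
    """Build a constructed, minimal Response for the demonstration."""
    attr = ' InResponseTo="%s"' % in_response_to if in_response_to else ""
    sig = ("<ds:Signature><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>"
           "</ds:Signature>") if signed else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_r1"%s>'
            '<saml:Assertion ID="_a1">%s<saml:Subject/></saml:Assertion>'
            '</samlp:Response>') % (NS["samlp"], NS["saml"], NS["ds"], attr, sig)

if __name__ == "__main__":
    print(inspect_response(_sample(None, True)))      # IdP-initiated, signed assertion
    print(inspect_response(_sample("_req1", False)))  # SP-initiated, unsigned
```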

mkavinsky

ASKER

Aard Vark

Thank you for your response and appreciate your answer. The question I guess I still have, though, is that the SAML signing certificate is still going to be needed then, correct (for the assertion)? Yet the vendor stated a signing certificate was not required if doing an IdP initiated request? So if Section 3 (Step 5 of your instructions on top) is not required, then how do I make it an IdP initiated request? Sorry, this is my first stab at this as I am figuring out the process here. Thank you.

Go via MyApps:

https://myapps.microsoft.com

The link in here is the IdP-init URL. If you have hidden the application from being viewed, just enable it for view, copy the link, and re-hide it.

Thank you Aard Vark

I found the link you spoke of, but I guess I'm still not understanding what I am doing with that. Do I still need to create the cert, download it and install it on the SP? Or skip that and use the link (from myapps.microsoft.com), and do what with that link? I'm just confused with what the vendor asked. I'm going to reach back out to them as well but was hoping I can finish this application and get it up and running. Thank you again!
ASKER CERTIFIED SOLUTION
Aard Vark

Thank you! So I found out the vendor did have the certificate I sent them prior but forgot. So I was able to complete this thanks to your help and guidance. Yeah, that's why I was getting so confused too here. I think we are good.

Thank you Aard Vark!