mkavinsky asked on

How do I make the application an IdP initiated request in Azure AD (Enterprise Apps)?

Need assistance with an Azure AD enterprise app configuration for SSO SAML. Getting an error: "AADSTS500031: Cannot find signing certificate configured". So I was told by the app provider that a signing certificate is not needed if doing an IdP initiated request.


Azure, Single Sign On (SSO), SAML

Last Comment: mkavinsky, 8/22/2022 - Mon
Aard Vark

Whether you're using SP-init or IdP-init you're going to be signing your SAML assertion (and you should). Just install the SAML signing certificate from Azure AD. From https://portal.azure.com:
  1. Open Azure AD.
  2. Select Enterprise applications.
  3. Find your application.
  4. Select Single sign-on.
  5. Section 3, if the certificate has not expired (they last 3 years), download the base 64 certificate, otherwise select edit.
  6. Create a new certificate, download it, install it on the SP, activate the certificate in Azure AD.
Managing SAML signing certificates is very easy.

mkavinsky

ASKER
Aard Vark

Thank you for your response, and I appreciate your answer. The question I guess I still have though is that the SAML signing certificate is still going to be needed then, correct? (for the assertion) Yet the vendor stated a signing certificate was not required if doing an IdP initiated request? So if Section 3 (Step 5 of your instructions on top) is not required, then how do I make it an IdP initiated request? Sorry, this is my first stab at this as I am figuring out the process here. Thank you
Aard Vark

Go via MyApps:

https://myapps.microsoft.com

The link in here is the IdP-init URL. If you have hidden the application from being viewed, just enable it for view, copy the link, and re-hide it.
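To tie the two answers above together (the signing certificate from Section 3 is still needed, and the MyApps link only changes how the flow starts), here is an added example of what an SP does with an inbound SAML response in either case. It is not code from the thread, from Azure AD, or from any vendor; it uses only the Python standard library and does not verify the XML signature cryptographically (a real SP uses an xmlsec-backed SAML library for that). What it shows is the part the thread is about: an IdP-initiated response has no InResponseTo, an SP-initiated one must echo a request ID the SP issued, the assertion must be signed either way, and any certificate carried inside the message must equal the one you downloaded from the enterprise app, never the other way round. The tenant ID, the ACS URL sp.example.com, the certificate body and the sample response are all constructed placeholders.

```python
"""Triage an inbound SAML 2.0 Response on the service-provider (SP) side.

Added example, not from the original thread. Standard library only; it
checks flow type, signature presence and certificate pinning, and leaves
the actual signature verification to a proper SAML library.
"""
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder standing in for the "Certificate (Base64)" file
# downloaded from the enterprise app (Section 3). The real file is a PEM
# block with a much longer body; only its armour/whitespace handling matters here.
TRUSTED_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIICPLACEHOLDERAZUREADSIGNINGCERT
0123456789ABCDEF
-----END CERTIFICATE-----"""


def normalize_cert(pem_or_b64):
    """Strip PEM armour and all whitespace so two certificates compare bytewise."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem_or_b64)
    return re.sub(r"\s+", "", body)


def triage_saml_response(samlresponse_b64, trusted_cert, outstanding_request_ids):
    """Return a triage dict for one POSTed SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(samlresponse_b64))
    findings = []

    # 1. Flow type. An SP-initiated response echoes our AuthnRequest ID in
    #    InResponseTo; an IdP-initiated (unsolicited) one carries none.
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        flow = "idp-initiated"
    else:
        flow = "sp-initiated"
        if in_response_to not in outstanding_request_ids:
            findings.append("InResponseTo does not match any AuthnRequest we issued")

    # 2. Signature presence. Azure AD signs the assertion; the SP must refuse
    #    an unsigned one no matter how the flow was started.
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("no plaintext Assertion (encrypted assertions are out of scope here)")
        return {"flow": flow, "signed": False, "cert_matches": None,
                "issuer": "", "accept": False, "findings": findings}
    signature = assertion.find("ds:Signature", NS)
    if signature is None:  # some IdPs sign the Response element instead
        signature = root.find("ds:Signature", NS)
    signed = signature is not None
    if not signed:
        findings.append("assertion is not signed")

    # 3. Certificate pinning. A certificate inside KeyInfo is informational:
    #    it must equal the configured one, otherwise the message is rejected.
    cert_matches = None
    if signed:
        embedded = signature.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if embedded is not None:
            cert_matches = normalize_cert(embedded.text or "") == normalize_cert(trusted_cert)
            if not cert_matches:
                findings.append("embedded certificate differs from the configured Azure AD certificate")

    return {
        "flow": flow,
        "signed": signed,
        "cert_matches": cert_matches,
        "issuer": (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip(),
        "accept": not findings,
        "findings": findings,
    }


def build_sample_response(in_response_to=None, signed=True, cert=TRUSTED_CERT_PEM):
    """Constructed, heavily trimmed SAMLResponse for demonstration only."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    sig = ""
    if signed:
        sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
               "<ds:SignedInfo/><ds:SignatureValue>c2ln</ds:SignatureValue>"
               "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>" + normalize_cert(cert) +
               "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>")
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" '
           'IssueInstant="2022-08-22T10:00:00Z" '
           f'Destination="https://sp.example.com/saml/acs"{irt}>'
           "<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>"
           '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
           '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2022-08-22T10:00:00Z">'
           "<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>" + sig +
           "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # IdP-initiated (MyApps link): no InResponseTo, but still signed with the pinned cert.
    print(triage_saml_response(build_sample_response(), TRUSTED_CERT_PEM, set()))
    # Unsigned assertion: rejected regardless of flow type.
    print(triage_saml_response(build_sample_response(signed=False), TRUSTED_CERT_PEM, set()))
```

The `accept` field is only a pre-check; the SP library must still validate the signature, the Conditions/Audience and the NotOnOrAfter timestamps, and store consumed assertion IDs so a replayed IdP-initiated response (which has no request ID to pair with) is refused.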
mkavinsky

ASKER
Thank you Aard Vark

I found the link you spoke of but I guess I'm still not understanding what I am doing with that? Do I still need to create the cert, download it and install on the SP? Or skip that and use the link (from the myapps.microsoft.com) and do what with that link? I'm just confused with what the vendor asked. I'm going to reach back out to them as well but was hoping I can finish this application and get it up and running. Thank you again!
ASKER CERTIFIED SOLUTION
Aard Vark

mkavinsky

ASKER
Thank you! So I found out the vendor did have the certificate I sent them prior but forgot. So I was able to complete this thanks to your help and guidance. Yeah, that's why I was getting so confused too here. I think we are good.

Thank you  Aard Vark!