az cli unable to --set for "Sign on URL" for SAML Enterprise App/Service Principal #13521

Closed
nickadams675 opened this issue May 15, 2020 · 4 comments

@nickadams675

nickadams675 commented May 15, 2020

version 2.5.1

Describe the bug
Hello, I am working to leverage either "az rest" or "az ad sp --set" to update the field for what is showing in the Azure Portal as "Sign on URL" under:
Enterprise Applications>Single sign-on>SAML>"Basic SAML Configuration"> "Sign on URL"

To Reproduce
az ad show --id <application_id>
This is missing an element/object for "Sign on URL"

Expected behavior
Using az rest or az ad sp --set should be able to add data to this field

Environment summary
Mac OS, az-cli version 2.5.1

Additional context
This data also appears to not be listed in the Application Registration Manifest either.

Thanks!

ghost added the needs-triage and question labels May 15, 2020
yonzhan added the Graph az ad label May 16, 2020
ghost removed the needs-triage label May 16, 2020
yonzhan added this to the S170 milestone May 16, 2020
@yonzhan
Collaborator

yonzhan commented May 16, 2020

add to S170

@jiasli
Member

jiasli commented May 21, 2020

Hi @nickadams675, AAD is not actively maintaining the AD Graph 1.6 API anymore. Could you check #12946 and see if this can be done via az rest and Microsoft Graph API?

@nickadams675
Author

@jiasli thanks for the reply!

I don't see an object/property to support a field such as "Entity ID" that I could use -m PATCH on:

$ az rest -m GET -u https://graph.microsoft.com/beta/servicePrincipals/redacted
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#servicePrincipals/$entity",
  "accountEnabled": true,
  "addIns": [],
  "alternativeNames": [],
  "api": {
    "resourceSpecificApplicationPermissions": []
  },
  "appDescription": null,
  "appDisplayName": "redacted",
  "appId": "redacted",
  "appOwnerOrganizationId": "redacted",
  "appRoleAssignmentRequired": false,
  "appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "User",
      "displayName": "User",
      "id": "b3ee91b8-c12a-492d-82ab-972155ea58d8",
      "isEnabled": true,
      "origin": "Application",
      "value": ""
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "msiam_access",
      "displayName": "msiam_access",
      "id": "f66f118e-2896-4510-bf97-482bf190691b",
      "isEnabled": true,
      "origin": "Application",
      "value": ""
    }
  ],
  "applicationTemplateId": null,
  "deletedDateTime": null,
  "description": null,
  "displayName": "redacted",
  "errorUrl": null,
  "homepage": "https://redacted",
  "id": "redacted",
  "info": {
    "logoUrl": null,
    "marketingUrl": null,
    "privacyStatementUrl": null,
    "supportUrl": null,
    "termsOfServiceUrl": null
  },
  "isAuthorizationServiceEnabled": false,
  "keyCredentials": [
    {
      "customKeyIdentifier": "5etutkqotIzneUXV27ri42HeO1hpWOPj+GS+4eDAWi4=",
      "displayName": "CN=Microsoft Azure Federated SSO Certificate",
      "endDateTime": "2023-05-15T16:21:01Z",
      "key": null,
      "keyId": "65924f00-46f9-4ef8-bb4d-2182646c6435",
      "startDateTime": "2020-05-15T16:21:01Z",
      "type": "AsymmetricX509Cert",
      "usage": "Verify"
    },
    {
      "customKeyIdentifier": "5etutkqotIzneUXV27ri42HeO1hpWOPj+GS+4eDAWi4=",
      "displayName": "CN=Microsoft Azure Federated SSO Certificate",
      "endDateTime": "2023-05-15T16:21:01Z",
      "key": null,
      "keyId": "18a9b35d-13a0-4c6f-96b5-dee067ecaf8f",
      "startDateTime": "2020-05-15T16:21:01Z",
      "type": "AsymmetricX509Cert",
      "usage": "Sign"
    }
  ],
  "loginUrl": null,
  "logoutUrl": null,
  "notes": null,
  "notificationEmailAddresses": [],
  "passwordCredentials": [
    {
      "customKeyIdentifier": "5etutkqotIzneUXV27ri42HeO1hpWOPj+GS+4eDAWi4=",
      "displayName": "CN=Microsoft Azure Federated SSO Certificate",
      "endDateTime": "2023-05-15T16:21:01Z",
      "hint": null,
      "keyId": "18a9b35d-13a0-4c6f-96b5-dee067ecaf8f",
      "secretText": null,
      "startDateTime": "2020-05-15T16:21:01Z"
    }
  ],
  "preferredSingleSignOnMode": "saml",
  "preferredTokenSigningKeyEndDateTime": "2023-05-15T16:21:01Z",
  "preferredTokenSigningKeyThumbprint": "00743095C6CB5C4875B426EAA8429685DA26F15A",
  "publishedPermissionScopes": [
    {
      "adminConsentDescription": "Allow the application to access CPC-PROD-VCD-S632836SL7A on behalf of the signed-in user.",
      "adminConsentDisplayName": "Access CPC-PROD-VCD-S632836SL7A",
      "id": "e08de71f-948f-4a16-8184-7f6db1760020",
      "isEnabled": true,
      "type": "User",
      "userConsentDescription": "Allow the application to access CPC-PROD-VCD-S632836SL7A on your behalf.",
      "userConsentDisplayName": "Access CPC-PROD-VCD-S632836SL7A",
      "value": "user_impersonation"
    }
  ],
  "publisherName": "redacted",
  "replyUrls": [
    "https://redacted",
    "https://redacted",
    "https://redacted",
    "https://redacted"
  ],
  "samlMetadataUrl": null,
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "redacted",
    "v"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMyOrg",
  "tags": [
    "WindowsAzureActiveDirectoryGalleryApplicationNonPrimaryV1",
    "WindowsAzureActiveDirectoryIntegratedApp",
    "WindowsAzureActiveDirectoryCustomSingleSignOnApplication"
  ],
  "tokenEncryptionKeyId": null,
  "verifiedPublisher": {
    "addedDateTime": null,
    "displayName": null,
    "verifiedPublisherId": null
  }
}

I may have missed it though.

Thanks!
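
The GET output above includes a `loginUrl` property that is currently `null`. The following is an added example, not part of the thread and not azure-cli project code: it assumes `loginUrl` on the servicePrincipal is the property behind the portal's "Sign on URL" field and patches it with `az rest`, validating both inputs first. The function names are hypothetical, and the first argument is the service principal's object id (the value in the GET URL), not the `appId`.

```shell
#!/bin/sh
# Added example. Assumption: "Sign on URL" maps to servicePrincipal.loginUrl.
GRAPH_SP_URL="https://graph.microsoft.com/beta/servicePrincipals"

# Succeeds only for a canonical GUID, so nothing else reaches the request URI.
is_guid() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the JSON PATCH body for a new sign-on URL.
# Rejects non-https URLs and any character that would need JSON escaping.
login_url_patch_body() {
  url="$1"
  case "$url" in
    https://?*) ;;
    *) echo "loginUrl must be an absolute https:// URL" >&2; return 1 ;;
  esac
  if [ "$(printf '%s' "$url" | tr -d '[:cntrl:][:space:]"\\')" != "$url" ]; then
    echo "loginUrl contains whitespace, quotes or control characters" >&2
    return 1
  fi
  printf '{"loginUrl": "%s"}' "$url"
}

# PATCH the service principal, then read the property back to confirm it.
set_sign_on_url() {
  sp_id="$1"
  is_guid "$sp_id" || { echo "expected the SP object id (GUID)" >&2; return 1; }
  body=$(login_url_patch_body "$2") || return 1
  az rest -m PATCH -u "$GRAPH_SP_URL/$sp_id" \
    --headers "Content-Type=application/json" -b "$body" || return 1
  az rest -m GET \
    -u "$GRAPH_SP_URL/$sp_id?\$select=id,loginUrl,preferredSingleSignOnMode"
}

# Usage (constructed placeholder values):
#   set_sign_on_url 00000000-0000-0000-0000-000000000000 https://app.example.com/sso
```
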

@jiasli
Member

jiasli commented May 21, 2020

@nickadams675, do you mind creating a support request in Azure Portal for AAD? I'd like to help but I am not quite familiar with the latest Microsoft Graph API. Thanks for understanding.

yonzhan removed the question label May 31, 2020
yonzhan modified the milestones: S170, S171 May 31, 2020
yonzhan closed this as completed May 31, 2020