Get SAML applications details #63
bastienperez
started this conversation in
Samples
Replies: 1 comment
-
|
Do you have a mechanism to also pull back the claims being sent when the application is used? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
In SAML (Security Assertion Markup Language), certificate-based signing is important for ensuring the integrity and authenticity of SAML messages.
When a SAML message is digitally signed using a certificate, it provides assurance that the message was not tampered with during transmission and that the sender of the message is who they claim to be.
It is important to get notified about token signing certificate expiration in SAML because if the certificate used for signing SAML tokens expires, it can cause disruptions to the SAML-based authentication and authorization process.
Azure AD provides a
Notification Emailto receive alerts about certificate expirations. You can configure itYour app>Single Sign-On>SAML Certificates>Notification Email.You can add several e-mail addresses. As the address can be internally or external, there is no verification about the e-mail address(es). So be careful to enter a valid e-mail address. Keep in mind a SAML signing certificate can be valid up to 3 years, so the notification email address must always exist in 3 years.
The notification email address in the SAML configuration is typically pre-populated with the user who configured the SAML settings. This can be problematic because the account used is often an administrator account that does not have a mailbox associated with it.
The following PowerShell code can be used to obtain important information about SAML-based applications, such as the certificate, the email address used for notifications and if the certificat is still valid.
Beta Was this translation helpful? Give feedback.
All reactions