We're using application client credentials to authenticate via Azure AD.
When we do this the Identity.Name is null. This is because there is no name claim mapped into the JWT.
We discovered you can map custom claims, like so: Claims mapping in Azure Active Directory.
When you apply the policy to the application, the next time you authenticate you receive an error:
"AADSTS50146: This application is required to be configured with an application-specific signing key."
Cool, there is a way out of this though: New-AzureADApplicationKeyCredential. It indicates you can create a Symmetric signing key in your application and voila -- we now have a JWT with the custom claim.
The problem, not resolved: it generates a JWT with an HS256 header, not the required RS256 algorithm.
When I try to authorize the JWT against the application, it fails: unauthorized.
Now I am stuck, I can map a custom claim, but with no way to authorize the JWT :(
Is there a way to resolve this issue?
It's good to remember to set acceptMappedClaims to true in the application registration manifest in Azure.
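Added illustration, not part of either post above: a small stdlib-only triage helper that decodes a token's header and payload (without verifying the signature) and reports the two symptoms the question describes, an alg that does not match what the API validates with (HS256 from a symmetric application key versus the expected RS256) and a missing mapped claim (no name, so Identity.Name is null). The sample token, audience, appid and name values are constructed for the example.

```python
import base64
import json


def _b64url_encode(obj):
    """Compact JSON -> base64url without padding, as used in JWT segments."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment):
    """Restore padding stripped from a JWT segment and parse the JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def build_unsigned_token(alg, claims):
    """Build a JWT-shaped string with a placeholder signature (constructed sample, never valid)."""
    header = _b64url_encode({"typ": "JWT", "alg": alg})
    payload = _b64url_encode(claims)
    return f"{header}.{payload}.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"  # base64url("signature-placeholder")


# Constructed sample: what the question reports after applying the policy with a symmetric key.
SAMPLE_HS256_TOKEN = build_unsigned_token(
    "HS256",
    {"aud": "api://example-app", "appid": "00000000-0000-0000-0000-000000000000", "name": "svc-reporting"},
)


def inspect_token(token, expected_alg="RS256", required_claims=("name",)):
    """Explain why a token would be rejected (or accepted) by an API that validates with expected_alg."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header, payload = _b64url_decode(parts[0]), _b64url_decode(parts[1])
    alg = header.get("alg")
    missing = [c for c in required_claims if c not in payload]
    problems = []
    if alg != expected_alg:
        # A validator keyed on the tenant's RS256 signing keys must refuse any other alg.
        problems.append(f"alg {alg!r} but the API validates {expected_alg}: token is unauthorized")
    if missing:
        problems.append(f"missing claims {missing}: Identity.Name would be null")
    return {"alg": alg, "alg_ok": alg == expected_alg, "missing_claims": missing, "problems": problems}
```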