Status: Closed (kenchan0130 closed this issue 5 months ago)
I believe this issue is caused by the Graph API using the identifierUris property on the application object for both "Application ID URI" in the "Expose an API" tab on the application registration and "Identifier (Entity ID)" in the SSO tab on the service principal.
MS introduced some syntax restrictions on the "Application ID URI" a couple of years ago, seemingly forgetting how this affects doing SAML SSO configuration with the API. You can test this by attempting to put "box.net" on the application registration, which won't work.
My current workaround for this is to handle identifier URIs separately from the TF configuration and ignore changes to identifier_uris on the application resource in the TF config.
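The workaround described in the comment above, written out as Terraform configuration. This is an added example, not code from the issue author or from the provider's documentation: the resource names, the display name and the use of `client_id` / `preferred_single_sign_on_mode` on the service principal are assumptions; `box.net` is the Entity ID the issue uses.

```hcl
# Added example of the "ignore identifier_uris" workaround (not from the issue thread).
# Assumes azuread provider 2.47.0 as in the issue; attribute names are assumptions.

resource "azuread_application" "box" {
  display_name = "Box SAML"

  # identifier_uris is deliberately NOT set here. The SAML Entity ID ("box.net")
  # is written out of band (Azure Portal, or a Graph PATCH on identifierUris),
  # which bypasses the provider's URI validation. ignore_changes stops the next
  # `terraform apply` from seeing the out-of-band value as drift and removing it.
  lifecycle {
    ignore_changes = [identifier_uris]
  }
}

resource "azuread_service_principal" "box" {
  client_id                     = azuread_application.box.client_id
  preferred_single_sign_on_mode = "saml"
}

output "box_application_object_id" {
  # Object ID needed to PATCH identifierUris on the application via Graph.
  value = azuread_application.box.object_id
}
```

After `terraform apply`, set the Entity ID outside Terraform, for example with `az rest --method patch --url https://graph.microsoft.com/v1.0/applications/<object-id> --body '{"identifierUris":["box.net"]}'` (the object ID comes from the output above). Because of the ignore_changes block, a later plan shows no diff for identifier_uris; the trade-off is that Terraform no longer detects if someone changes or clears the Entity ID, so that value has to be checked elsewhere.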
Hi everyone, regarding this issue I recently tested with the Microsoft Graph API. I tried a unique syntax identifier URI and I don't get any error:
```http
POST https://graph.microsoft.com/v1.0/applications
Content-Type: application/json

{
  "displayName": "Test Identifier URI",
  "identifierUris": [ "box.net" ]
}
```
With this specific API call the App registration does get created without any issues. So I am not sure if this is still a Microsoft Graph Issue.
This is not an error with the Microsoft Graph API, but rather a validation issue with this provider. Therefore, simply loosening the validation will resolve this problem.
Terraform (and AzureAD Provider) Version
terraform v1.7.2
azuread v2.47.0
Affected Resource(s)
azuread_applications
azuread_application_identifier_uri
Terraform Configuration Files
or
Debug Output
N/A
Panic Output
N/A
Expected Behavior
No Errors
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
In SAML authentication, the Entity ID is configured as the `identifier_uri` for Entra ID applications. The Entity ID can take any value as per the specification. In this example using Box, the Entity ID is set to `box.net`. When performing this configuration in the Azure Portal, the value `box.net` can indeed be set as the `identifier_uri`.
https://learn.microsoft.com/en-us/entra/identity/saas-apps/box-tutorial
References
N/A