Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Add support for the tokenIssuancePolicies API so that SAML applications can configure how tokens are signed. This may require the ability to create these policies to be assigned to the application as it looks like each application gets its own instance of a policies/tokenIssuancePolicies.
New or Affected Resource(s)
azuread_service_principal
Potential Terraform Configuration
resource "azuread_service_principal" "example" {
  token_issuance_policy {
    signing_algorithm             = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
    token_response_signing_policy = "ResponseAndToken"
  }
}

# Alternative adding it to the saml_single_sign_on block
resource "azuread_service_principal" "example" {
  saml_single_sign_on {
    token_issuance_policy = {
      signing_algorithm             = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
      token_response_signing_policy = "ResponseAndToken"
    }
  }
}

# Alternative as a separate resource, though you can only have one I believe so this may not make sense
resource "azuread_service_principal_token_issuance_policy" "example" {
  id                            = azuread_service_principal.example.id
  signing_algorithm             = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
  token_response_signing_policy = "ResponseAndToken"
}
References