0

I have configured a non-gallery application in order to set up SAML for one of our clients.

To the best of our knowledge, all the settings are properly set - I'm sure this is just a basic mistake or something that we are not taking into account.

Whenever I try and test the application I get this screen: [screenshot: Error message]

We have set Azure SAML using these settings: [screenshot: Configuration]

Note that it is ENABLED (top option) and that user assignment is NOT required (bottom option) - also it is VISIBLE to users if this makes any difference.

From the application side we can correctly see it, and clicking on the login option takes us correctly through the Azure SAML login process; however, the user is never redirected back to the app and gets stuck on the page https://account.activedirectory.windowsazure.com/applications/redirecttoapplication.aspx

Does anyone have any ideas on how to proceed and troubleshoot this? We have created a clean system twice now with all the correct settings and no need to edit anything, so even if this is a cache issue it should not come into play, other than the fact that we have to flip the switch to "not require user assignment". It bears mentioning that a user has been correctly assigned, so this may not be the problem at all.

Thanks for any help

  • Just to confirm you get the same "oops" error with both IdP-initiated and SP-initiated SSO? What do your Manage > Single sign-on properties look like? – ComponentSpace Mar 04 '18 at 05:37

1 Answer

0

I don't see a configuration issue and can reproduce this. I suggest you discuss this further in the following forum post, as there is an ongoing conversation with Microsoft Program Managers already involved. See https://social.msdn.microsoft.com/Forums/en-US/7c24d175-21bb-4c8d-8d9b-01fb919b2ec2/azure-ad-enterprise-app-user-assignment-required-option-does-nothing?forum=WindowsAzureAD

If you assign a user/group to the app it should work.

Do note if you don't leave enough time between when you assigned a user and tried to test, you may not notice a difference. The distributed nature means any changes need to replicate which can take 5-10 mins.

Also note visibility of app doesn't play a role here. App visibility controls are intended to be used to make the myapps access panel's view less cluttered and let users add apps to their access panel themselves. This however requires that the admin has done the relevant steps for self service provisioning of apps. See https://docs.microsoft.com/en-us/azure/active-directory/application-access-self-service-how-to for more details.

maweeras
  • 2,734
  • 2
  • 17
  • 23
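As an added example (not part of the answer above), the check-then-assign procedure the answer describes, done with the Microsoft Graph PowerShell module so the enterprise app's state (enabled, assignment required, who is assigned) is visible in one place instead of across portal blades. The app display name and user principal name are placeholders you replace with your own.

```powershell
# Added example: verify an enterprise app's sign-in prerequisites and assign a user.
# Requires the Microsoft.Graph PowerShell module (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "Application.Read.All","AppRoleAssignment.ReadWrite.All","User.Read.All"

$appDisplayName = "Contoso SAML App"         # placeholder: your non-gallery app's name
$userUpn        = "alice@contoso.example"    # placeholder: the user who should sign in

# The enterprise app is a service principal; look it up by display name.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) { throw "No enterprise app named '$appDisplayName' found." }

# These two flags are the "ENABLED" and "user assignment required" switches from the portal.
Write-Host "AccountEnabled:            $($sp.AccountEnabled)"
Write-Host "AppRoleAssignmentRequired: $($sp.AppRoleAssignmentRequired)"

# Who is currently assigned? An empty list here is the usual reason for the redirect loop.
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
Write-Host "Currently assigned principals: $($assigned.Count)"
$assigned | ForEach-Object { Write-Host "  - $($_.PrincipalDisplayName) ($($_.PrincipalType))" }

# Assign the user explicitly rather than relying on 'assignment not required'.
$user = Get-MgUser -UserId $userUpn
if ($assigned.PrincipalId -contains $user.Id) {
    Write-Host "$userUpn is already assigned."
} else {
    # A non-gallery SAML app usually defines no app roles, so the default
    # access role is the all-zero GUID.
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $user.Id -ResourceId $sp.Id `
        -AppRoleId "00000000-0000-0000-0000-000000000000" | Out-Null
    Write-Host "Assigned $userUpn. Allow 5-10 minutes for replication before retesting SSO."
}
```

Re-running the script after the replication window should list the user under "Currently assigned principals" before you test the sign-in again.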