I'm in the process of converting our Azure Active Directory Enterprise Application SSO setup to Terraform using the azuread provider (currently v2.2.1). I'm running into the following problems/shortcomings, and I'm not convinced that such features are actually supported fully yet, or whether they are supposed to work and I'm just configuring my resources incorrectly, or whether there's a bug in the provider. Here's what I'm experiencing:
- The Enterprise Application's "SAML Signing Certificate" appears to be only partially working when using the `azuread_service_principal_certificate` resource. First off, the consuming application always gets an error about the certificate, and if I manually create a new cert through the Portal, that's enough to make it work. Secondly, using the az CLI, I can see a clear difference between the keyCertificates collection of a service principal when created via Terraform vs. the Portal.
- There does not appear to be a mechanism in Terraform to activate the "SAML Signing Certificate". That is something I have to do manually in the Portal, and then there are the issues above.
Is anyone experiencing similar issues, or does anyone have this working fine? In that case I should provide a lot more detail to get to the bottom of my issues.
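An added example (not the poster's configuration) showing the two ways to get a signing certificate onto a service principal with the azuread provider. The first resource is what the post describes; the second is the provider's dedicated token signing certificate resource, which is assumed to require a provider newer than the v2.2.1 mentioned above. The `azuread_service_principal.sso` reference and the certificate file path are assumptions.

```hcl
# Added example; assumes an existing azuread_service_principal "sso".

# What the post describes: uploading a PEM certificate as a plain key credential.
# This registers the public key as a key credential for verification only. It does
# not create the signing-side credential or mark the key as the preferred token
# signing key, so Azure AD keeps signing SAML assertions with whatever certificate
# is currently active, and the consuming application keeps rejecting them.
resource "azuread_service_principal_certificate" "uploaded" {
  service_principal_id = azuread_service_principal.sso.id
  type                 = "AsymmetricX509Cert"
  encoding             = "pem"
  value                = file("${path.module}/sso-signing.pem") # public cert only (assumed path)
  end_date             = "2025-01-01T00:00:00Z"
}

# Let Azure AD generate the SAML token signing certificate itself. This is the
# equivalent of "add a new certificate" under Single sign-on in the Portal and,
# unlike the resource above, produces a key pair Azure AD can actually sign with.
# Requires a provider version that ships this resource (assumed newer than v2.2.1).
resource "azuread_service_principal_token_signing_certificate" "saml" {
  service_principal_id = azuread_service_principal.sso.id
  display_name         = "CN=SSO SAML Signing" # optional friendly name
  end_date             = "2025-01-01T00:00:00Z"
}

# Thumbprint to hand to the consuming application's SAML metadata/trust store.
output "saml_signing_thumbprint" {
  value = azuread_service_principal_token_signing_certificate.saml.thumbprint
}
```

After applying, `az ad sp show --id <APPLICATION_ID> --query keyCredentials` should show the generated certificate present as both a signing and a verification credential, whereas the uploaded certificate appears once; that difference is the one the post observes between Terraform and the Portal.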