I'm in the process of converting our Azure Active Directory Enterprise Application SSO setup to terraform using the azuread provider (currently v2.2.1). I'm running into the following problems/shortcomings, and I'm not convinced that such features are actually supported fully yet, or if they are supposed to work and I'm just configuring my resources incorrectly, or if there's a bug in the provider. Here's what I'm experiencing:
The Enterprise Applications “SAML Signing Certificate” appears to be partially working when using the azuread_service_principal_certificate resource. First off, the consuming application always gets an error about the certificate, and if I manually create a new cert through the Portal, it’s enough to work. Secondly, using the az CLI, I can see a clear difference between the keyCertificates collection of a service principal when using terraform vs the portal.
There does not appear to be a mechanism in terraform to activate the "SAML Signing Certificate". That is something I have to do manually in the Portal, and then there are the above issues.
Anyone experiencing similar issues or maybe has this working fine, in which case I should provide a lot more detail to get to the bottom of my issues.
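An added diagnostic (not from this thread or the azuread provider) for the keyCredentials comparison described above: it takes the JSON array that `az ad sp show --id <appId> --query keyCredentials` returns and reports, per thumbprint, whether the entries form a usable SAML signing pair. It assumes the Microsoft Graph keyCredential shape (a portal-issued signing certificate appears as a Sign entry and a Verify entry sharing one customKeyIdentifier) and that the active certificate is the one whose thumbprint matches the service principal's preferredTokenSigningKeyThumbprint; the sample data is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample of a service principal's keyCredentials array:
# "AAAA" mimics a certificate uploaded as a single Verify entry,
# "BBBB" mimics a Sign/Verify pair, "CCCC" mimics an expired pair.
SAMPLE_KEY_CREDENTIALS = json.dumps([
    {"customKeyIdentifier": "AAAA", "usage": "Verify", "type": "AsymmetricX509Cert",
     "endDateTime": "2030-01-01T00:00:00Z", "displayName": "CN=tf-upload"},
    {"customKeyIdentifier": "BBBB", "usage": "Sign", "type": "AsymmetricX509Cert",
     "endDateTime": "2030-06-01T00:00:00Z", "displayName": "CN=portal-issued"},
    {"customKeyIdentifier": "BBBB", "usage": "Verify", "type": "AsymmetricX509Cert",
     "endDateTime": "2030-06-01T00:00:00Z", "displayName": "CN=portal-issued"},
    {"customKeyIdentifier": "CCCC", "usage": "Sign", "type": "AsymmetricX509Cert",
     "endDateTime": "2020-01-01T00:00:00Z", "displayName": "CN=old"},
    {"customKeyIdentifier": "CCCC", "usage": "Verify", "type": "AsymmetricX509Cert",
     "endDateTime": "2020-01-01T00:00:00Z", "displayName": "CN=old"},
])


def _parse_time(value):
    # Graph emits RFC 3339 with a trailing Z; fromisoformat wants +00:00.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_signing_credentials(key_credentials_json, active_thumbprint=None, now=None):
    """Return {thumbprint: [problems]} for each certificate on the service principal.

    An empty problem list means the entry set is complete (Sign + Verify), unexpired
    and, if active_thumbprint is given, selected for SAML response signing.
    """
    now = now or datetime.now(timezone.utc)
    by_thumbprint = {}
    for cred in json.loads(key_credentials_json):
        by_thumbprint.setdefault(cred["customKeyIdentifier"], []).append(cred)

    report = {}
    for thumbprint, entries in by_thumbprint.items():
        usages = {e["usage"] for e in entries}
        expiry = min(_parse_time(e["endDateTime"]) for e in entries)
        problems = []
        if "Sign" not in usages:
            problems.append("no Sign entry: AAD cannot sign SAML responses with this cert")
        if "Verify" not in usages:
            problems.append("no Verify entry")
        if expiry <= now:
            problems.append("expired on " + expiry.date().isoformat())
        if active_thumbprint is not None and thumbprint != active_thumbprint:
            problems.append("not the preferred token signing key (inactive)")
        report[thumbprint] = problems
    return report
```

Run it against the live output of `az ad sp show` piped to a file; any thumbprint with a non-empty list explains why the consuming application rejects the certificate.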
Hello @rossbeehler, I'm currently trying to automate the self-signed certificate part of SAML SSO via Terraform and I'm wondering if you could solve your issues?
Thanks for your feedback,
Seb
Hi @sebpon, I simply gave up when I didn’t get any responses. Have you tried this yet? If you do and it also doesn’t work for you, we should log a github issue.
I’ve recently tried this as well. This produces the cert:
But, afterwards, you have to go digging for it: AAD > Enterprise Application > $yourAppName > Single sign-on (SSO) > SAML > SAML Certificates: Edit; then, click the ellipsis to download…