is it possible to exchange SAMLv2 token issued by Azure AD for a Microsoft Graph access token

Dasaraju, Chandra Sekhar Varma (External) 0

we have offline application which needs to access Graph API

User login is done using SAML app registered with AAD and got SAML Assertion.

when used this SAML assertion to get access token getting below error.

{"error":"invalid_request","error_description":"AADSTS50107: The requested federation realm object 'https://sts.windows.net/2c795858-59ad-4411-88b0-91f104cae98a/' does not exist. Trace ID: 2cfa03d2-e7cc-4fa6-8eb9-cd5e44596e00 Correlation ID: bdcac5d1-d897-4406-935b-3aad07d7a76b Timestamp: 2024-07-07 21:04:55Z","error_codes":[50107],"timestamp":"2024-07-07 21:04:55Z","trace_id":"2cfa03d2-e7cc-4fa6-8eb9-cd5e44596e00","correlation_id":"bdcac5d1-d897-4406-935b-3aad07d7a76b","error_uri":"https://login.microsoftonline.com/error?code=50107"}

Navya 12,175 Reputation points Microsoft Vendor

2024-07-12T15:20:11.8133333+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.
Navya 12,175 Reputation points Microsoft Vendor

2024-07-15T16:33:21.93+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

If the information below has been helpful in addressing your question, please accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Navya 12,175 Reputation points Microsoft Vendor

2024-07-22T12:13:44.6433333+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.

1 answer

Navya 12,175 Reputation points Microsoft Vendor

2024-07-08T10:00:58.3633333+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

Thank you for posting this in Microsoft Q&A.

is it possible to exchange SAMLv2 token issued by Azure AD for a Microsoft Graph access token

No, it is not possible to exchange SAMLv2 token issued by Azure AD for a Microsoft Graph access token. You can Exchange a SAML token issued by AD FS for a Microsoft Graph access token.

For your reference: Exchange a SAML token issued by AD FS for a Microsoft Graph access token

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Please sign in to rate this answer.
Dasaraju, Chandra Sekhar Varma (External) 0 Reputation points

2024-07-09T15:03:53.9366667+00:00

Thanks Navya, I am trying to find a solution if I setup ADFS then Request to SAML app in AAD will be redirected to ADFS and ADFS will issue SAML token which I can use it to exchange for Access Token. Please let me know if my assumption is right or not. thanks for help

Navya 12,175 Reputation points Microsoft Vendor

2024-07-10T12:01:23.1666667+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

Yes, your assumption is correct. Initially, you will receive a SAML assertion from the ADFS endpoint, after which you can exchange the SAML token issued by AD FS for an access token.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Dasaraju, Chandra Sekhar Varma (External) 0 Reputation points

2024-07-10T17:18:05.34+00:00

Thanks Navya, is any dependency on SAML version received from ADFS when Microsoft Entra ID redirects SAML request to ADFS ? SAML v1 or v2 both are fine for exchanging it to get Access Token

Navya 12,175 Reputation points Microsoft Vendor

2024-07-11T03:46:35.1+00:00

Hi @Dasaraju, Chandra Sekhar Varma (External)

This scenario works only when AD FS is the federated identity provider that issued the original SAMLv1 token.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

is it possible to exchange SAMLv2 token issued by Azure AD for a Microsoft Graph access token

1 answer

Your answer