Thank you for posting this in Microsoft Q&A.
I understand that you have created a SAML application and are trying to obtain an access token. However, when exchanging the code in the OAuth2 Authorization Code flow, you encountered the error: AADSTS399274. This error indicates that the application with App ID 'XXXX' is configured for SAML SSO and cannot be used with non-SAML protocols.
As the error message states, SAML applications cannot receive tokens through OAuth2 or OIDC protocols.
Starting in late September 2024, applications designated as SAML applications (via the preferredSingleSignOnMode property of the service principal) will no longer be able to receive JWT tokens. This change means they cannot serve as the resource application in OIDC, OAuth2.0, or any other protocols that utilize JWTs. It is important to note that this change only affects SAML applications that are attempting to adopt JWT-based protocols; existing SAML applications already using these flows will not be impacted.
With this new change, the OAuth integration will require a separate app registration for the third-party application to function properly. You will need to set up two applications in Entra ID: one enterprise app for SAML SSO and one app registration for the OAuth setup.
For your reference: https://learn.microsoft.com/en-us/entra/fundamentals/whats-new#general-availability---new-saml-applications-cant-receive-tokens-through-oauth2oidc-protocols
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for "Was this answer helpful". And, if you have any further query do let us know.
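The check described in the answer above, as an added example that is not part of the original answer: it reads the service principal's preferredSingleSignOnMode for the app ID the token request was sent with, reproduces the authorization-code exchange so the AADSTS399274 code can be surfaced from the token endpoint's JSON error body, and creates the separate app registration the answer calls for. The tenant ID, app ID, redirect URI, display name and function names are placeholders chosen for this example; the Microsoft Graph PowerShell cmdlets (Connect-MgGraph, Get-MgServicePrincipal, New-MgApplication, New-MgServicePrincipal) are the real ones from the Microsoft.Graph module.

```powershell
# Added example (not from the Q&A answer). Placeholder values are marked; replace before use.
# Requires the Microsoft.Graph module (Install-Module Microsoft.Graph).

$TenantId    = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID
$AppId       = "11111111-1111-1111-1111-111111111111"   # placeholder: appId used in the failing token request
$RedirectUri = "https://app.contoso.example/callback"   # placeholder redirect URI

function Get-EntraSsoMode {
    # Returns the SSO mode of the service principal behind an appId.
    # A value of "saml" means the app cannot be used as a JWT/OAuth2/OIDC resource.
    param([Parameter(Mandatory)][string]$AppId)

    # Least privilege: reading preferredSingleSignOnMode only needs Application.Read.All.
    Connect-MgGraph -Scopes "Application.Read.All" -NoWelcome

    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'" `
            -Property "id,appId,displayName,preferredSingleSignOnMode"
    if (-not $sp) { throw "No service principal found for appId $AppId" }

    [pscustomobject]@{
        DisplayName = $sp.DisplayName
        AppId       = $sp.AppId
        SsoMode     = $sp.PreferredSingleSignOnMode
        IsSaml      = ($sp.PreferredSingleSignOnMode -eq "saml")
    }
}

function Test-AuthCodeExchange {
    # Replays the authorization-code exchange and reports the AADSTS error code, if any.
    # For a confidential client add client_secret (or a client assertion) to $body.
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$AppId,
        [Parameter(Mandatory)][string]$Code,        # the code returned to $RedirectUri
        [Parameter(Mandatory)][string]$RedirectUri
    )
    $body = @{
        client_id    = $AppId
        grant_type   = "authorization_code"
        code         = $Code
        redirect_uri = $RedirectUri
        scope        = "openid profile"
    }
    try {
        $null = Invoke-RestMethod -Method Post `
            -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
            -ContentType "application/x-www-form-urlencoded" -Body $body
        return "Token issued: this appId is not blocked by the SAML restriction."
    }
    catch {
        # The token endpoint returns a JSON body with error, error_description and error_codes.
        $err = $_.ErrorDetails.Message | ConvertFrom-Json
        if ($err.error_codes -contains 399274) {
            return "AADSTS399274: appId $AppId is a SAML SSO app; use a separate app registration for OAuth2/OIDC."
        }
        return "Token request failed: $($err.error_description)"
    }
}

function New-OAuthClientRegistration {
    # Creates the second app the answer describes: an app registration (plus its service
    # principal) dedicated to the OAuth2/OIDC integration, leaving the SAML enterprise app untouched.
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        [Parameter(Mandatory)][string]$RedirectUri
    )
    Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome
    $app = New-MgApplication -DisplayName $DisplayName -SignInAudience "AzureADMyOrg" `
             -Web @{ RedirectUris = @($RedirectUri) }
    $null = New-MgServicePrincipal -AppId $app.AppId
    return $app.AppId   # use this appId as client_id in the OAuth2 flow
}

# Usage:
$mode = Get-EntraSsoMode -AppId $AppId
$mode
if ($mode.IsSaml) {
    $oauthAppId = New-OAuthClientRegistration -DisplayName "Contoso OAuth client (example)" -RedirectUri $RedirectUri
    "Created OAuth app registration $oauthAppId; keep $AppId for SAML SSO only."
}
```

Run Get-EntraSsoMode first: if SsoMode is "saml" the AADSTS399274 response is expected and no amount of redirect URI or scope tweaking on that app will fix it. Test-AuthCodeExchange is only useful with a fresh authorization code, since codes are single-use and short-lived. The scopes requested of Connect-MgGraph are kept to the minimum each function needs; only the remedy step needs write access.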