Not able to set an application specific signing key
We have a multi-tenant application and we want to provide a custom claim (we want to add onPremisesImmutableId) in the identity token. According to the documentation, we should avoid modifying the acceptMappedClaims property (https://learn.microsoft.com/en-us/entra/identity-platform/jwt-claims-customization?WT.mc_id=Portal-Microsoft_AAD_IAM#add-application-specific-claims) and instead use an application-specific signing key. We created and set a self-signed certificate and updated the service principal to use that certificate. However, we are still unable to log in due to the following error: ‘AADSTS50146: This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid.’