Provisioning with a pfx certificate.

Question

Provisioning with a pfx certificate.

K S, Pavan Kumar 1

I am trying to configure the provisioning at my Azure AD end point. On performing the Test Connection,
following error message "No required SSL certificate was sent"
received from the SCIM APP (SCIM server) .

Is it possible to configure Azure AD SCIM client with certificate ?

Please help.

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2021-01-22T23:39:34.183+00:00

@K S, Pavan Kumar
Thank you for your post! Can you share the documentation that you're following to set this up? This way I can gain a better understanding of your issue.

Reading through our documentation, I found that the SCIM service must have an HTTP address and server authentication certificate, additionally, the only supported authorization methods are listed here in this table.

I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
K S, Pavan Kumar 1 Reputation point

2021-01-25T07:51:52.643+00:00

Hi @JamesTran-MSFT : thank you for your reply. I want to sync my user to my application for which i have configured a Enterprise application in Azure Ad and trying to configure the SCIM end point at my Azure AD . Please refer the below screenshot.

On performing the Test Connection. i am getting the error message. "400 no required SSL certificate was sent" . Could you please suggest where we can upload the certificate for SCIM provisioning and which file extensions are supported ?
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2021-01-25T23:35:35.233+00:00

@K S, Pavan Kumar
Thank you for the quick response and screenshot! I've reached out to my team regarding this issue and will update as soon as possible regarding next steps.

If you have any other questions in the meantime, please let me know.
Thank you for your time and patience throughout this issue.

1 answer

Your answer

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2021-01-22T23:39:34.183+00:00

@K S, Pavan Kumar
Thank you for your post! Can you share the documentation that you're following to set this up? This way I can gain a better understanding of your issue.

Reading through our documentation, I found that the SCIM service must have an HTTP address and server authentication certificate, additionally, the only supported authorization methods are listed here in this table.

I hope this helps! If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
K S, Pavan Kumar 1 Reputation point

2021-01-25T07:51:52.643+00:00

Hi @JamesTran-MSFT : thank you for your reply. I want to sync my user to my application for which i have configured a Enterprise application in Azure Ad and trying to configure the SCIM end point at my Azure AD . Please refer the below screenshot.

On performing the Test Connection. i am getting the error message. "400 no required SSL certificate was sent" . Could you please suggest where we can upload the certificate for SCIM provisioning and which file extensions are supported ?
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2021-01-25T23:35:35.233+00:00

@K S, Pavan Kumar
Thank you for the quick response and screenshot! I've reached out to my team regarding this issue and will update as soon as possible regarding next steps.

If you have any other questions in the meantime, please let me know.
Thank you for your time and patience throughout this issue.

Answer 1

Danny Zollner 10,801 Microsoft Employee Moderator

Hi @K S, Pavan Kumar - the error you're reporting is being returned from your SCIM code into Azure AD. We don't support uploading certificates into our provisioning service. See our documentation on building a SCIM endpoint: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#building-a-custom-scim-endpoint

As of 1/26/2021, the referenced guidance in that link is:

The SCIM service must have an HTTP address and server authentication certificate of which the root certification authority is one of the following names:
CNNIC
Comodo
CyberTrust
DigiCert
GeoTrust
GlobalSign
Go Daddy
VeriSign
WoSign
DST Root CA X3

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2021-01-27T16:39:21.48+00:00

@K S, Pavan Kumar
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let us know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Matab 26 Reputation points

2021-01-29T12:06:22.67+00:00
Hello JamesTran,

I have found below Microsoft documentation where it shows the steps to configure the SSL certificate for Single Sign on application. Please clarify my below queries.

Will this option applicable for SCIM provisioning using SSL certificate?

Can we consider SCIM certificate used for SSO application?

Thanks
Danny Zollner 10,801 Reputation points Microsoft Employee Moderator

2021-01-29T16:35:52.61+00:00

AAD Provisioning does not support usage of pfx (or other) certificates for authentication. A list of the authentication/authorization methods that we currently support and plan to support in the foreseeable future is located here: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#authorization-for-provisioning-connectors-in-the-application-gallery

For reference, as of 1/29/2021 that list is:

Long-lived bearer token (gallery and non-gallery apps)
OAuth authorization code grant (gallery apps only)
OAuth client credentials grant (future)

Share via

Provisioning with a pfx certificate.

1 answer

Your answer