SAML-P authentication flow

tarou chabi 731 Reputation points
2022-03-22T05:22:15.797+00:00

What's the difference between the SAML-P (SAML 2.0) endpoint of an App registration (OAuth or OIDC) and SAML 2.0 for enterprise applications? Please tell me the difference in the authentication flow.

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,721 Reputation points
    2022-03-22T20:41:44.18+00:00

    Hello @tarou chabi ,

    Thanks for reaching out.

    I have answered a similar question in one of your previous posts. However, I am sharing it here for your reference. Hope this helps.

    The Enterprise applications blade is where you can find most pre-defined SaaS applications as well as custom applications that can be used for SSO purposes, and the App registrations blade is where you can create applications that support OAuth and OIDC, including SAML protocol based SSO. As a result, the SAML, OAuth, and OpenID Connect endpoints for both Enterprise applications and App registration apps stay the same, as illustrated below. Azure AD endpoints can be found at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps , and you can also verify this from the Enterprise applications blade, which shows the same URLs, as shown below.

    Azure AD endpoints:

    SAML-P sign-on endpoint: https://login.microsoftonline.com/{YourName/TenantID}/saml2
    SAML-P sign-out endpoint: https://login.microsoftonline.com/{YourName/TenantID}/saml2
    OpenID Connect metadata document: https://login.microsoftonline.com/{YourName/TenantID}/v2.0/.well-known/openid-configuration
    OAuth 2.0 token endpoint (v1): https://login.microsoftonline.com/{YourName/TenantID}/oauth2/token
    OAuth 2.0 authorization endpoint (v1): https://login.microsoftonline.com/{YourName/TenantID}/oauth2/authorize
    OAuth 2.0 token endpoint (v2): https://login.microsoftonline.com/{YourName/TenantID}/oauth2/v2.0/token
    OAuth 2.0 authorization endpoint (v2): https://login.microsoftonline.com/{YourName/TenantID}/oauth2/v2.0/authorize

    App Registration page: [screenshot of the Endpoints pane]

    Enterprise Application page: [screenshot of the same endpoint URLs]

    To learn more about different authentication flows, refer to the following links.

    Single Sign-On SAML protocol: https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
    OAuth 2.0 and OpenID Connect in the Microsoft identity platform: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols
    Microsoft identity platform and OpenID Connect protocol: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
    App Registration vs Enterprise Applications: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
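To make the two flows behind those endpoints concrete, here is an added example that is not part of the answer above or of Microsoft's documentation: a Python sketch of what a service provider sends to the SAML-P `/saml2` sign-on endpoint (HTTP-Redirect binding, deflate + base64 + URL-encode) versus what a client sends to the OAuth 2.0 / OIDC v2 authorize endpoint (authorization code with PKCE). The tenant name, SP URLs and client ID are placeholders, and the AuthnRequest is left unsigned.

```python
import base64
import hashlib
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder tenant (constructed); Azure AD accepts a tenant ID GUID or a verified domain here.
TENANT = "contoso.onmicrosoft.com"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT}"


def build_saml_authn_request(issuer, acs_url, request_id=""):
    """Minimal SAML 2.0 AuthnRequest; the SP keeps the ID to check InResponseTo on the Response."""
    request_id = request_id or f"id-{uuid.uuid4()}"
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'AssertionConsumerServiceURL="{acs_url}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )


def saml_redirect_url(authn_request_xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, base64, URL-encode, then send to the /saml2 sign-on endpoint."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw deflate, no zlib header
    deflated = deflater.compress(authn_request_xml.encode()) + deflater.flush()
    saml_request = base64.b64encode(deflated).decode()
    return f"{AUTHORITY}/saml2?" + urlencode({"SAMLRequest": saml_request, "RelayState": relay_state})


def decode_saml_request(url):
    """Reverse the encoding, e.g. to inspect a captured sign-on redirect while troubleshooting."""
    query = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()


def oidc_authorize_url(client_id, redirect_uri, state, code_verifier):
    """OAuth 2.0 / OIDC authorization-code request (v2 endpoint) with PKCE; the returned code is later
    exchanged at /oauth2/v2.0/token, a back-channel step that the SAML-P flow does not have."""
    digest = hashlib.sha256(code_verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {"client_id": client_id, "response_type": "code", "redirect_uri": redirect_uri,
              "scope": "openid profile", "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return f"{AUTHORITY}/oauth2/v2.0/authorize?" + urlencode(params)
```

In the SAML-P flow the IdP answers with a signed SAML Response POSTed to the ACS URL, so the SP never calls a token endpoint; in the OIDC flow the browser only carries a short-lived code and the tokens are obtained server-to-server.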
