The single sign-on configuration is not available for this application in the Enterprise applications experience.

KjoniX 26 Reputation points
2022-08-02T20:05:52.473+00:00

I have installed MediaWiki in Azure and SimpleSAML plugin to get MS SSO.

The problem is that it seems like the metadata has a very short lifespan before refresh. I did a simple App Registration and here I cannot find any way to change or see the expiration date.

After some research I discovered that I should instead create an Enterprise App (the difference is not clear to me) and under Single Sign On I should be able to configure the metadata expiration date.

BUT when I go to my enterprise app, I get this message:
The single sign-on configuration is not available for this application in the Enterprise applications experience. EnterpriseTestReg was created using the App registrations experience. (Which is not true...)

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2022-08-03T10:58:55.987+00:00

    Hi @KjoniX ,

    Thanks for reaching out.

    I understand you are trying to configure single sign-on in Azure AD for the MediaWiki application to increase the lifetime of the SAML token, but are getting the error "The single sign-on configuration is not available for this application in the Enterprise applications experience" although you are registering the application as an Enterprise application.

    To understand the difference between an Application Registration and an Enterprise Application:

    App Registrations are basically the apps local to the tenant/organization in which they have been registered, to generate a unique application ID.
    The Enterprise apps blade shows global apps which can be configured and used within your tenant/organization.

    Usually, apps that are registered using the App Registration blade are considered to be apps that would use either OAuth or OpenID Connect. Hence the SAML SSO configuration option is not present there.

    In case you have created a custom SAML app, that you want to integrate with Azure AD, you need to select the following option under Enterprise Registration: "Integrate any other application you don't find in the gallery"


    This setting will allow you to set up SSO for a custom SAML application.


    If you are looking to extend the lifetime of SAML tokens which are obtained using the Azure AD SAML endpoint, then the validity of the token is specified by the NotOnOrAfter value, which can be changed using the AccessTokenLifetime parameter in a TokenLifetimePolicy.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp

    Hope this will help.

    Thanks,
    Shweta

    -----------------------------------

    Please remember to "Accept Answer" if answer helped you.
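The answer above points at the assertion's NotOnOrAfter value and at the AccessTokenLifetime setting of a TokenLifetimePolicy. The following added example (not code from the post, from MediaWiki or from SimpleSAMLphp) parses a constructed SAML assertion, evaluates its Conditions window against a clock with a small skew allowance, and builds the TokenLifetimePolicy definition JSON for a chosen AccessTokenLifetime; the 10-minute-to-1-day range and the d.hh:mm:ss value format are assumptions taken from Microsoft's documentation of that policy.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real Azure AD token); the Conditions
# element is what carries the NotBefore / NotOnOrAfter validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2022-08-02T20:00:00Z">
  <saml:Conditions NotBefore="2022-08-02T19:55:00Z" NotOnOrAfter="2022-08-02T21:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://wiki.example.test/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _parse_utc(value):
    """SAML timestamps are UTC with a trailing Z; return an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assertion_window(xml_text):
    """Return (NotBefore, NotOnOrAfter) from the assertion's Conditions element."""
    cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    return _parse_utc(cond.get("NotBefore")), _parse_utc(cond.get("NotOnOrAfter"))


def assertion_is_valid(xml_text, now, skew=timedelta(minutes=5)):
    """True only inside [NotBefore - skew, NotOnOrAfter + skew); NotOnOrAfter is exclusive."""
    if isinstance(now, str):
        now = _parse_utc(now)
    not_before, not_on_or_after = assertion_window(xml_text)
    return (not_before - skew) <= now < (not_on_or_after + skew)


def token_lifetime_policy(minutes):
    """Definition JSON for a TokenLifetimePolicy that sets AccessTokenLifetime.
    Assumes the documented range of 10 minutes to 1 day and the d.hh:mm:ss format."""
    if not 10 <= minutes <= 24 * 60:
        raise ValueError("AccessTokenLifetime must be between 10 minutes and 1 day")
    days, rest = divmod(minutes, 24 * 60)
    hours, mins = divmod(rest, 60)
    lifetime = f"{hours}:{mins:02d}:00"
    if days:
        lifetime = f"{days}.{hours:02d}:{mins:02d}:00"
    return json.dumps({"TokenLifetimePolicy": {"Version": 1, "AccessTokenLifetime": lifetime}})
```

The policy string is what you would pass as the definition when creating the TokenLifetimePolicy and then assign to the enterprise application's service principal; the signing certificate has its own, separate expiry that this window does not describe.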


  2. KjoniX 26 Reputation points
    2022-08-04T07:01:53.467+00:00

    Yes, it helped. Thx!

    I have changed to an enterprise app in my test environment and it works. I haven't yet found how I can change the expiration, and it is not clear to me what actually expires. Is it the token or the certificate?

    Will my production environment (which now is on app registration) expire on a fixed time or will it expire because of inactivity?

