Confusing error with Entra ID Enterprise applications
Aug 29, 2024
I was configuring an Enterprise application and adding some claims under the SSO tab.
When I tried to access the application, I got this weird error message:
https://jwt.io/#error=invalid_request&error_description=AADSTS50146 This application is required to be configured with an application-specific signing key. It is either not configured with one or the key has expired or is not yet valid.
WTF?
Some investigation revealed that the real cause is that “acceptMappedClaims” must be set to “true” in the manifest of the corresponding app registration (the one backing the enterprise application). With that flag unset, Entra ID will only issue tokens containing mapped claims if the app has its own signing key, which is what the error is complaining about.
"api": {
    "acceptMappedClaims": true,
    "knownClientApplications": [],
    "requestedAccessTokenVersion": 2,
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
},
All good!
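As an added example (not from the original post, and not Microsoft's tooling), here is a small Python check that inspects an exported app registration manifest and reports whether it will trigger AADSTS50146 once claims mapping is in use. It covers both conditions the error text names: no acceptMappedClaims flag and no usable application-specific signing key (a "Sign" entry in keyCredentials that is expired or not yet valid does not count). The sample manifest, app ID and dates are constructed; the rule that multi-tenant apps should use a custom signing key rather than acceptMappedClaims is taken from Microsoft's claims-mapping guidance and is flagged in the code as the assumption it rests on.

```python
import copy
import json
from datetime import datetime, timezone

# Constructed sample manifest (not the author's real app registration); only the
# fields this check looks at are present. acceptMappedClaims is null by default.
SAMPLE_MANIFEST = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "example-sso-app",
  "signInAudience": "AzureADMyOrg",
  "api": {
    "acceptMappedClaims": null,
    "knownClientApplications": [],
    "requestedAccessTokenVersion": 2,
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
  },
  "keyCredentials": []
}
""")

# signInAudience values that denote a multi-tenant registration.
MULTI_TENANT_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}


def _parse_iso(value):
    """Parse manifest timestamps such as 2024-08-29T00:00:00Z as aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def has_valid_signing_key(manifest, now=None):
    """True if keyCredentials holds a 'Sign' key that is currently within its validity window."""
    now = now or datetime.now(timezone.utc)
    for key in manifest.get("keyCredentials") or []:
        if key.get("usage") != "Sign":
            continue  # 'Verify' entries are client certificates, not token signing keys
        start = key.get("startDateTime")
        end = key.get("endDateTime")
        if start and _parse_iso(start) > now:
            continue  # not yet valid (the second case the error message lists)
        if end and _parse_iso(end) < now:
            continue  # expired
        return True
    return False


def diagnose(manifest, uses_claims_mapping, now=None):
    """Return 'ok', 'set_acceptMappedClaims' or 'needs_custom_signing_key'."""
    if not uses_claims_mapping:
        return "ok"  # the requirement only applies once claims are being mapped
    api = manifest.get("api") or {}
    if api.get("acceptMappedClaims") is True:
        return "ok"
    if has_valid_signing_key(manifest, now):
        return "ok"  # an application-specific signing key also satisfies Entra ID
    # Assumption from Microsoft's claims-mapping docs: multi-tenant apps should use
    # a custom signing key instead of acceptMappedClaims.
    if manifest.get("signInAudience") in MULTI_TENANT_AUDIENCES:
        return "needs_custom_signing_key"
    return "set_acceptMappedClaims"


def apply_accept_mapped_claims(manifest):
    """Return a copy of the manifest with api.acceptMappedClaims set to true."""
    fixed = copy.deepcopy(manifest)
    fixed.setdefault("api", {})["acceptMappedClaims"] = True
    return fixed


if __name__ == "__main__":
    print(diagnose(SAMPLE_MANIFEST, uses_claims_mapping=True))
    print(json.dumps(apply_accept_mapped_claims(SAMPLE_MANIFEST)["api"], indent=2))
```

Setting acceptMappedClaims is the app explicitly acknowledging that token claims may have been altered by a claims-mapping policy, so it belongs on registrations you control; for anything else the check points at a dedicated signing key instead.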