Confusing error with Entra ID Enterprise applications

Rory Braybrook
The new control plane
Aug 29, 2024
Image of Error
Rahio1234 via Wikimedia Commons

I was configuring an Enterprise application and adding some claims under the SSO tab:

Image showing SSO “Attributes and claims”

When I tried to access the application, I got this weird error message:

https://jwt.io/#error=invalid_request&error_description=AADSTS50146 This 
application is required to be configured with an application-specific signing
key. It is either not configured with one or the key has expired or is not
yet valid.

WTF?

Some investigation revealed that the real reason for this is that you have to set “acceptMappedClaims” to “true” in the manifest of the corresponding application registration!

"api": {
    "acceptMappedClaims": true,
    "knownClientApplications": [],
    "requestedAccessTokenVersion": 2,
    "oauth2PermissionScopes": [],
    "preAuthorizedApplications": []
},

All good!
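
A small triage helper for the situation above, as an added example that is not part of the original post: it pulls the AADSTS code out of the redirect and checks an exported app registration manifest for acceptMappedClaims. The sample URL and manifest are constructed, the function names are hypothetical, and the multi-tenant branch reflects Microsoft's documented advice to use a custom signing key rather than acceptMappedClaims for multi-tenant apps.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the redirect from the post, form-encoded as it arrives in a fragment.
SAMPLE_REDIRECT = (
    "https://jwt.io/#error=invalid_request&error_description=AADSTS50146+This+"
    "application+is+required+to+be+configured+with+an+application-specific+signing+key."
)
# Constructed sample manifest (Microsoft Graph format) as it looks before the fix.
SAMPLE_MANIFEST = json.loads(
    '{"signInAudience": "AzureADMyOrg", '
    '"api": {"acceptMappedClaims": null, "requestedAccessTokenVersion": 2}}'
)

def aadsts_code(redirect_url):
    """Return the AADSTS code found in the URL fragment or query, or None."""
    parts = urlsplit(redirect_url)
    for raw in (parts.fragment, parts.query):
        for desc in parse_qs(raw).get("error_description", []):
            match = re.search(r"AADSTS\d+", desc)
            if match:
                return match.group(0)
    return None

def accepts_mapped_claims(manifest):
    """True only for a literal JSON true, under "api" or at the top level
    (the older manifest format keeps the key at the top level)."""
    api = manifest.get("api") or {}
    return api.get("acceptMappedClaims") is True or manifest.get("acceptMappedClaims") is True

def diagnose(redirect_url, manifest):
    """Map the error plus the manifest state to a next step."""
    code = aadsts_code(redirect_url)
    if code != "AADSTS50146":
        return f"{code or 'no AADSTS code'}: not the signing-key error discussed here"
    if accepts_mapped_claims(manifest):
        return "AADSTS50146: acceptMappedClaims already true; check the signing key itself"
    # Assumption: a manifest without signInAudience is treated as single-tenant.
    if manifest.get("signInAudience", "AzureADMyOrg") != "AzureADMyOrg":
        return "AADSTS50146: multi-tenant app; use a custom signing key, not acceptMappedClaims"
    return "AADSTS50146: set api.acceptMappedClaims to true in the app registration manifest"

if __name__ == "__main__":
    print(diagnose(SAMPLE_REDIRECT, SAMPLE_MANIFEST))
```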
