how to see what assertion is sending from a Mobile device?

  • Question

  • Hi; we are using Azure SSO and I am trying to use SSO with a mobile app. It seems that when logging in to the mobile app, the SAML assertion sent has a different UserID format than when using a browser. The format is nameid-format:persistent, and the nameid is a bunch of seemingly random characters. When I use the browser (even on the same mobile device) the assertion has the correct nameid format that is configured.
    Friday, November 8, 2019 8:40 PM

All replies

  • Hey Atcchan,

    It depends on how the mobile app has set up its authentication. Is this your own application? And if so, can you please provide your method of authentication?

    Ideally both applications should be utilizing the MSAL/ADAL libraries, which shouldn't have any issues with the login.

    In addition to that, can you please post what the request from the mobile app to the AAD servers is?

    Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Thanks

    Friday, November 8, 2019 11:22 PM
    Moderator
  • Please let us know if you were able to resolve the issue from the replies before. If you still have more questions, please let us know with some additional information regarding your question and we'll try to resolve it. It may require additional support escalation if we are unable to resolve this on this MSDN thread.

    thanks,

    - Frank H.

    Tuesday, November 26, 2019 7:49 PM
    Moderator
  • Hi Frank; Thank you for the reply and follow up. The mobile app is a third-party vendor app. I have asked them for the request from the mobile app. But their support doesn't seem to know what I am asking for and provided me the assertion the app received from our side.

    Below are the differences in user name in the assertion using the mobile app, mobile browser and desktop browser:

    Mobile:
    AML2Utils.getNameIDKeyMap: {sun-fm-saml2-nameid-infokey=[CALLIDUS|https://sts.windows.net/0ab4cbbf-4bc7-4826-b52c-a14fed5286b9/|PMJSvVHXqGlJm_ZTyIILt6IPsiIAMriybAA9gm7AkYU]}

    Mobile browser:
    SAML2Utils.getNameIDKeyMap: {sun-fm-saml2-nameid-infokey=[CALLIDUS|https://sts.windows.net/0ab4cbbf-4bc7-4826-b52c-a14fed5286b9/|Albert.Chan@rci.rogers.com]}
    libSAML2:09/18/2019 08:14:37:977 AM PDT: Thread[http-bio-4010-exec-167,5,main]

    Desktop:
    SAML2Utils.getNameIDKeyMap: {sun-fm-saml2-nameid-infokey=[CALLIDUS|https://sts.windows.net/0ab4cbbf-4bc7-4826-b52c-a14fed5286b9/|Albert.Chan@rci.rogers.com]}
     

    Thanks;

    Albert

    Thursday, November 28, 2019 4:54 PM
  • Hey Atcchan, 

    It sounds like there's an issue with the third-party vendor's application. There's not much we can do without knowing what they're doing to implement their authentication. It seems that you've been able to identify that the issue is that for some reason their application has the wrong name identifier, and they need to explain what is occurring and why their code is providing that instead of albert.chan@rci.rogers.com

    Please remember to mark one of the responses as answer if your question has been answered. If not, please let us know if there are any more questions. Also, please remember to post future questions on the new Q&A Forums here: https://docs.microsoft.com/answers/index.html Thanks

    Tuesday, December 10, 2019 11:03 PM
    Moderator
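
One way to see what the thread compares, as an added example that is not from any poster or from Microsoft: decode the base64 `SAMLResponse` form field captured from each client (HTTP-POST binding) and print the issuer, NameID Format and NameID value side by side. The function names, the placeholder issuer and the sample values are constructed, and the emailAddress format for the browser case is an assumption, since the thread does not say which format is configured.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed configured format

def describe_name_id(saml_response_b64):
    """Decode an HTTP-POST binding SAMLResponse; return issuer and subject NameID."""
    # Diagnostic only: the signature is NOT verified, so never use this for auth.
    xml_bytes = base64.b64decode(saml_response_b64)
    # Refuse DTDs so entity-expansion payloads never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD in SAML response; refusing to parse")
    root = ET.fromstring(xml_bytes)
    name_id = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("no plaintext NameID (encrypted or missing assertion)")
    issuer = root.find("./saml:Assertion/saml:Issuer", NS)
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "format": name_id.get("Format"),
        "value": (name_id.text or "").strip(),
    }

def formats_differ(responses):
    """True when the captured responses do not all use one NameID Format."""
    return len({describe_name_id(b)["format"] for b in responses.values()}) > 1

def _constructed_response(fmt, value):
    """Build a minimal, unsigned sample response (constructed test data)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        "<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>"
        f'<saml:Subject><saml:NameID Format="{fmt}">{value}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

SAMPLES = {  # constructed values, not taken from the thread
    "mobile_app": _constructed_response(PERSISTENT, "opaque-pairwise-id-PLACEHOLDER"),
    "browser": _constructed_response(EMAIL, "user@example.com"),
}

if __name__ == "__main__":
    for label, b64 in SAMPLES.items():
        print(label, describe_name_id(b64))
    print("formats differ:", formats_differ(SAMPLES))
```

A value copied from a browser or proxy capture is usually URL-encoded as well, so percent-decode it before passing it in.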