{"id":15780046,"url":"https://github.com/rgl/example-saml-service-provider-azure","last_synced_at":"2026-04-11T21:44:32.475Z","repository":{"id":139751896,"uuid":"604793187","full_name":"rgl/example-saml-service-provider-azure","owner":"rgl","description":"Azure AD (AAD) configuration for https://github.com/rgl/example-saml-service-provider","archived":false,"fork":false,"pushed_at":"2023-03-02T18:16:08.000Z","size":27,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-31T11:35:07.245Z","etag":null,"topics":["aad","azure","azuread","saml","saml2","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-21T19:58:06.000Z","updated_at":"2023-02-21T20:01:43.000Z","dependencies_parsed_at":null,"dependency_job_id":"f1f3aedd-aa82-49e0-b43e-67eb7f96b478","html_url":"https://github.com/rgl/example-saml-service-provider-azure","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rgl/example-saml-service-provider-azure","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fexample-saml-service-provider-azure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fexample-saml-service-provider-azure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fexample-saml-service-provider-azure/releases","manifests
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fexample-saml-service-provider-azure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/example-saml-service-provider-azure/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fexample-saml-service-provider-azure/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263636795,"owners_count":23492305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aad","azure","azuread","saml","saml2","terraform"],"created_at":"2024-10-04T18:40:25.212Z","updated_at":"2026-04-11T21:44:27.432Z","avatar_url":"https://github.com/rgl.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# About\n\n[![Lint](https://github.com/rgl/example-saml-service-provider-azure/actions/workflows/lint.yml/badge.svg)](https://github.com/rgl/example-saml-service-provider-azure/actions/workflows/lint.yml)\n\nAzure AD (AAD) configuration for the [example-saml-service-provider](https://github.com/rgl/example-saml-service-provider).\n\nThis will use [terraform](https://www.terraform.io/) to create the [Users](users.tf), [Application, Application Roles, Enterprise Application (aka Service Principal)](applications.tf) to use the `example-saml-service-provider` web application.\n\nYou can test this in a [Free Microsoft 365 E5 instant sandbox](https://developer.microsoft.com/en-us/microsoft-365/dev-program).\n\n# Usage\n\nInstall the required tools:\n\n* 
[terraform](https://github.com/hashicorp/terraform).\n* [azure-cli](https://github.com/Azure/azure-cli).\n* [go](https://github.com/golang/go).\n\nLog in to Azure (`--allow-no-subscriptions` is needed when the tenant has no Azure subscription, which is typically the case in a Microsoft 365 sandbox):\n\n```bash\naz login --allow-no-subscriptions\n```\n\nEnsure the expected account is set as default:\n\n```bash\naz account show\naz account list\naz account set --subscription=\u003ctenantId or id\u003e\naz account show\n```\n\nInitialize terraform:\n\n```bash\nmake terraform-init\n```\n\nLaunch the example:\n\n```bash\nmake terraform-plan-apply\n```\n\nShow the created Application and Enterprise Application (aka Service Principal):\n\n```bash\naz ad app show --id $(terraform output -raw application_id)\naz ad sp show --id $(terraform output -raw service_principal_id)\n# see https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0\u0026tabs=http\naz rest \\\n  --method GET \\\n  --uri \"https://graph.microsoft.com/v1.0/applications(appId='$(terraform output -raw application_id)')\"\n# see https://learn.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0\u0026tabs=http\naz rest \\\n  --method GET \\\n  --uri \"https://graph.microsoft.com/v1.0/servicePrincipals/$(terraform output -raw service_principal_id)\"\n```\n\nShow all the Applications and Enterprise Applications (aka Service Principals):\n\n```bash\naz ad app list\naz ad sp list\n# see https://learn.microsoft.com/en-us/graph/api/application-list?view=graph-rest-1.0\u0026tabs=http\naz rest --method GET --uri https://graph.microsoft.com/v1.0/applications\n# see https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list?view=graph-rest-1.0\u0026tabs=http\naz rest --method GET --uri https://graph.microsoft.com/v1.0/servicePrincipals\n```\n\nShow the `Alice` credentials:\n\n```bash\nterraform output -raw alice_email\nterraform output -raw alice_password\n```\n\n**NB** The password, like every other resource attribute, is stored in plaintext in the terraform state file; protect the state file accordingly.\n\nClone the example SAML Service Provider application repository, build,\nand execute it:\n\n```bash\ngit clone 
https://github.com/rgl/example-saml-service-provider\ncd example-saml-service-provider\nmake build\nEXAMPLE_ENTITY_ID=\"$(cd .. \u0026\u0026 terraform output -raw saml_entity_id)\"\nEXAMPLE_IDP_METADATA=\"$(cd .. \u0026\u0026 terraform output -raw saml_metadata_url)\"\n./example-saml-service-provider \\\n  --entity-id $EXAMPLE_ENTITY_ID \\\n  --idp-metadata $EXAMPLE_IDP_METADATA\n```\n\nOpen this example SAML Service Provider page, and click the `login` link to go\nthrough the authentication flow using the `Alice` credentials:\n\nhttp://localhost:8000\n\n**NB** Alternatively, you can initiate a user login from the IDP side at the URL\ngiven by:\n\n```bash\nterraform output -raw user_access_url\n```\n\nAfter a successful authentication, you should see a list of SAML Claims,\nsimilar to:\n\n| Name                                                                  | Value                                                                                 |\n|-----------------------------------------------------------------------|---------------------------------------------------------------------------------------|\n| `http://schemas.microsoft.com/claims/authnmethodsreferences`          | `http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password`      |\n| `http://schemas.microsoft.com/identity/claims/displayname`            | `Alice Doe`                                                                           |\n| `http://schemas.microsoft.com/identity/claims/identityprovider`       | `https://sts.windows.net/00000000-0000-0000-0000-000000000000/`                       |\n| `http://schemas.microsoft.com/identity/claims/objectidentifier`       | `00000000-0000-0000-0000-000000000000`                                                |\n| `http://schemas.microsoft.com/identity/claims/tenantid`               | `00000000-0000-0000-0000-000000000000`                                                |\n| 
`http://schemas.microsoft.com/ws/2008/06/identity/claims/role`        | `administrator`                                                                       |\n| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname`     | `Alice`                                                                               |\n| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`          | `example-saml-service-provider-alice.doe@example.com`                                 |\n| `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname`       | `Doe`                                                                                 |\n| `SessionIndex`                                                        | `_00000000-0000-0000-0000-000000000000`                                               |\n| `urn:example`                                                         | `example`                                                                             |\n| `urn:example:email`                                                   | `example-saml-service-provider-alice.doe@example.com`                                 |\n\n**NB** When the user logs in with multi-factor authentication (MFA), the following claim is also included:\n\n| Name                                                                  | Value                                                                                 |\n|-----------------------------------------------------------------------|---------------------------------------------------------------------------------------|\n| `http://schemas.microsoft.com/claims/authnmethodsreferences`          | `http://schemas.microsoft.com/claims/multipleauthn`                                   |\n\n**NB** Treat these claim values (in particular `role`) as authoritative only after the service provider has verified the assertion signature against the IdP signing certificate published in the federation metadata and checked that the assertion `Audience` matches its entity id; a service provider that skips either check can be fed arbitrary claims.\n\nAnd destroy everything:\n\n```bash\nmake 
terraform-destroy\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fexample-saml-service-provider-azure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fexample-saml-service-provider-azure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fexample-saml-service-provider-azure/lists"}
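Added example, not the repository's own `users.tf`/`applications.tf`: a minimal Terraform configuration of the shape the README describes, showing how the `role` claim value `administrator` in the claims table arises from an `app_role` on the Application plus an `azuread_app_role_assignment` of the user on the Enterprise Application, where the IdP signing certificate comes from, and how the IdP metadata URL the service provider consumes is derived. The output names `saml_entity_id`, `saml_metadata_url` and `alice_password` mirror the ones the README reads with `terraform output`, but their bodies are a reconstruction. Assumptions not taken from the page: the provider versions, the tenant domain `example.onmicrosoft.com`, the identifier URI used as entity id, and the ACS path `http://localhost:8000/saml/acs` of the example service provider.

```hcl
# Added example; not the repository's own code.
# Assumed (not from the page): provider versions, tenant domain,
# identifier URI, and the ACS/login URLs of the example service provider.
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.47"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.5"
    }
  }
}

provider "azuread" {}

# Current tenant id, needed to build the federation metadata URL.
data "azuread_client_config" "current" {}

locals {
  entity_id = "urn:example:saml-service-provider" # assumed identifier URI
  acs_url   = "http://localhost:8000/saml/acs"     # assumed ACS endpoint
}

# Application: carries the SAML identifier (the assertion Audience), the
# ACS reply URL, and the app roles whose `value` becomes the
# http://schemas.microsoft.com/ws/2008/06/identity/claims/role claim.
resource "azuread_application" "example" {
  display_name     = "example-saml-service-provider"
  identifier_uris  = [local.entity_id]
  sign_in_audience = "AzureADMyOrg"

  web {
    redirect_uris = [local.acs_url]
  }

  app_role {
    allowed_member_types = ["User"]
    description          = "Administrators of the example service provider"
    display_name         = "Administrator"
    enabled              = true
    id                   = "11111111-1111-1111-1111-111111111111" # any stable UUID
    value                = "administrator"
  }
}

# Enterprise Application (service principal) in SAML single sign-on mode.
resource "azuread_service_principal" "example" {
  client_id                     = azuread_application.example.client_id
  preferred_single_sign_on_mode = "saml"
  login_url                     = "http://localhost:8000" # assumed SP URL
  feature_tags {
    enterprise = true
  }
}

# Token signing certificate. Its public half is published in the
# federation metadata; the SP verifies assertion signatures against it.
resource "azuread_service_principal_token_signing_certificate" "example" {
  service_principal_id = azuread_service_principal.example.id
  display_name         = "CN=example-saml-service-provider"
}

resource "random_password" "alice" {
  length = 24
}

resource "azuread_user" "alice" {
  user_principal_name = "example-saml-service-provider-alice.doe@example.onmicrosoft.com"
  display_name        = "Alice Doe"
  given_name          = "Alice"
  surname             = "Doe"
  mail_nickname       = "example-saml-service-provider-alice.doe"
  password            = random_password.alice.result
}

# Without this assignment Alice gets no role claim (and, when the
# enterprise application requires assignment, cannot sign in at all).
resource "azuread_app_role_assignment" "alice_administrator" {
  app_role_id         = azuread_application.example.app_role_ids["administrator"]
  principal_object_id = azuread_user.alice.object_id
  resource_object_id  = azuread_service_principal.example.object_id
}

output "saml_entity_id" {
  value = local.entity_id
}

# App-specific federation metadata: the SP reads the IdP entity id, the
# SSO endpoint and the signing certificate from this document.
output "saml_metadata_url" {
  value = "https://login.microsoftonline.com/${data.azuread_client_config.current.tenant_id}/federationmetadata/2007-06/federationmetadata.xml?appid=${azuread_application.example.client_id}"
}

output "alice_password" {
  value     = random_password.alice.result
  sensitive = true
}
```

The `sensitive = true` flag only suppresses the value in `terraform plan`/`apply` output; it is still written to the state file in plaintext, which is why the README's `terraform output -raw alice_password` works and why the state must be protected.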