
Read SAML response received from Azure Active Directory using Java


I am new to Azure Active Directory (AAD). So far I have created an Enterprise Application in Azure AD, and in the settings of this application I have selected Integrated Windows Auth (IWA) for the Single sign-on option. I have configured App Proxy in this with pre-authentication set to AAD, and the internal URL is my Java-based web application URL.

On the other side, the AAD connector is installed with federation as ADFS.

Now the flow is: when I hit the User access URL (the URL for the enterprise application) it challenges for domain verification, and after successful verification it redirects to my on-premises AD form. After successful authentication to ADFS it redirects to my web app.

Now the response I receive is a SAML response.

My question is how I can read this SAML response using Java. As far as I found, ADAL is one way to do so; here is a sample project I found .

But I don't find this useful in my case. Is there any other way to read this response, or any modification?

The question might be broad: then any suggestion or reference link for the same?

Update:

My application does not receive the SAML response directly. The response is received via App Proxy, which is not SAML. Or can we add some custom headers in the response sent by App Proxy? Please find the image below for better understanding.

SAML tracer: trace for login sequence

Update2:

Is it possible to send a custom header in the response sent by Azure App Proxy?

Currently the received headers are

  1. connection
  2. authorization: Negotiate
  3. cookie
  4. host
  5. others like x-forwarded-by, language, encoding

Solution

  • It looks like it may not be something wrong with your setup, but currently a limitation of Azure AD Application Proxy: it isn't able to pass the SAML token to the internal web app for SSO.

    Please take a look at the links below; it looks like it's a planned item for the Azure AD team, and you could try to confirm this with Microsoft Support and get details from them on a possible workaround.

    I hope this helps!

    1. App Proxy - SAML as SSO Option https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/33318022-app-proxy-saml-as-sso-option

      Here they mention that work is starting on the item, and they even suggest a workaround and share contact information to ask for more details.


    2. Enable SAML tokens to flow through Azure Application Proxy to the internal site https://feedback.azure.com/forums/374982-azure-active-directory-application-requests/suggestions/19204666-enable-saml-tokens-to-flow-through-azure-applicati

      This one explains the problem itself in a lot more detail.



    Update: Here is a write-up of the response I got from the Azure AD Feedback team.

    Part 1: Configuring the Application in Application Proxy

    Step 1: Add a new Enterprise Application, and choose the “on-premises application” option. Fill out the application information with the internal URL that is the identifier for the application, and the external URL that you want your users to use when external. Make sure you select the connector group that contains the connectors with access to the application – if you only followed the steps in part 0 and haven’t created new connector groups, the correct group is “Default”.


    Step 2: Assign Users to the Application through the “Users and Groups” menu


    Part 2: Configure the SAML App

    Step 1: Add another application, but this time choose Non-gallery application


    Step 2: Since users are assigned through the Application Proxy application, they don’t need to be assigned here. In the properties menu, turn off the User Assignment Required field.

    Step 3: Configure the Single Sign-On settings in the corresponding menu. Choose “SAML-based Sign-on”. Provide the application identifier of your application. Put the Reply URL as the Application Proxy external URL (configured in Part 1, Step 1). Choose the type of user identifier and add the signing certificate for the tokens. Your application is now ready to use. It can be accessed by the Application Proxy external URL, or by going through the Access Panel.

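An added example, not code from the question or the answer (which only covers portal configuration): if the Java application is itself the SAML Reply URL and receives the HTTP-POST `SAMLResponse` form field directly rather than through App Proxy, this is how to read it with only the JDK, validating the XML signature before trusting anything in it. The class and method names are hypothetical, and `idpCert` is assumed to be the token-signing certificate from Part 2, Step 3, loaded by your own code.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
// Hypothetical helper (not from the question or answer): reads the SAMLResponse form field of the
// SAML 2.0 HTTP-POST binding and returns the subject NameID, but only after signature validation.
public class SamlResponseReader {
    private static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    public static String readNameId(String samlResponseField, X509Certificate idpCert) throws Exception {
        // The POST binding carries the Response XML base64-encoded (often with line breaks).
        byte[] xml = Base64.getMimeDecoder().decode(samlResponseField);
        // Namespace-aware parsing (needed for dsig) with DOCTYPE declarations refused (XXE hardening).
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        // Java DOM does not treat "ID" as an ID attribute; register it so Reference URI="#..." resolves.
        for (String[] t : new String[][]{{SAMLP_NS, "Response"}, {SAML_NS, "Assertion"}}) {
            NodeList n = doc.getElementsByTagNameNS(t[0], t[1]);
            for (int i = 0; i < n.getLength(); i++) ((Element) n.item(i)).setIdAttribute("ID", true);
        }
        NodeList sigs = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (sigs.getLength() == 0) throw new SecurityException("SAML response is not signed");
        Element signed = (Element) sigs.item(0).getParentNode();
        // Validate against the public key of the certificate configured as the token signer (Part 2, Step 3).
        DOMValidateContext ctx = new DOMValidateContext(idpCert.getPublicKey(), sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) throw new SecurityException("SAML signature does not verify");
        // Signature-wrapping check: the single Reference must point at the element enclosing the Signature.
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        if (sig.getSignedInfo().getReferences().size() != 1 || !("#" + signed.getAttribute("ID")).equals(ref.getURI()))
            throw new SecurityException("signature does not cover its enclosing element");
        // Read the subject only from the signed element, never from unsigned parts of the document.
        NodeList ids = signed.getElementsByTagNameNS(SAML_NS, "NameID");
        if (ids.getLength() == 0) throw new IllegalStateException("no NameID inside the signed element");
        return ids.item(0).getTextContent();
    }
}
```

A production service provider would additionally check the Conditions (NotBefore/NotOnOrAfter, Audience), the InResponseTo value and the Issuer before creating a session; a library such as OpenSAML handles those for you.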