azuread_application_optional_claims not applied #1559

Open
alsastre opened this issue Nov 4, 2024 · 0 comments
alsastre commented Nov 4, 2024

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritise this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritise the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureAD Provider) Version

Terraform v1.9.7
on darwin_arm64
+ provider registry.terraform.io/hashicorp/azuread v3.0.2
+ provider registry.terraform.io/hashicorp/azurerm v4.8.0

Affected Resource(s)

  • azuread_application_optional_claims
  • azuread_application -> Claims section

Terraform Configuration Files

resource "azuread_application" "test" {
  description                    = "My first terraform SSO automation"
  device_only_auth_enabled       = false
  display_name                   = "sso-test-automation"
  fallback_public_client_enabled = false
  group_membership_claims        = ["All"]
  identifier_uris                = ["teest:uri"]
  logo_image                     = null
  marketing_url                  = null
  notes                          = null
  oauth2_post_response_required  = false
  owners                         = [""] # owner object IDs redacted in the report
  prevent_duplicate_names        = false
  privacy_statement_url          = null
  service_management_reference   = null
  sign_in_audience               = "AzureADMyOrg"
  support_url                    = null
  template_id                    = "8adf8e6e-67b2-4cf2-a259-e3dc5476c621" # Entra "Custom" (non-gallery) application template
  terms_of_service_url           = null
  api {
    known_client_applications      = []
    mapped_claims_enabled          = false
    requested_access_token_version = 1
    oauth2_permission_scope {
      admin_consent_description  = "Allow the application to access sso-test-automation on behalf of the signed-in user."
      admin_consent_display_name = "Access sso-test-automation"
      enabled                    = true
      id                         = "28c44eb7-297a-495c-b5bf-9fa3459387f3"
      type                       = "User"
      user_consent_description   = "Allow the application to access sso-test-automation on your behalf."
      user_consent_display_name  = "Access sso-test-automation"
      value                      = "user_impersonation"
    }
  }
  app_role {
    allowed_member_types = ["User"]
    description          = "User"
    display_name         = "User"
    enabled              = true
    id                   = "18d14569-c3bd-439b-9a66-3a2aee01d14f"
    value                = null
  }
  app_role {
    allowed_member_types = ["User"]
    description          = "msiam_access"
    display_name         = "msiam_access"
    enabled              = true
    id                   = "b9632174-c057-4f7e-951b-be3adc52bfe6"
    value                = null
  }
  feature_tags {
    custom_single_sign_on = true
    enterprise            = true
    gallery               = false
    hide                  = false
  }
  public_client {
    redirect_uris = []
  }
  single_page_application {
    redirect_uris = []
  }
  web {
    redirect_uris = [""] # reply URL redacted in the report
    implicit_grant {
      access_token_issuance_enabled = false
      id_token_issuance_enabled     = true
    }
  }
}
resource "azuread_application_optional_claims" "example" {
  application_id = azuread_application.test.id

  saml2_token {
    essential = false
    name      = "displayname"
  }
}

resource "azuread_service_principal" "example" {
  app_role_assignment_required  = true
  client_id                     = azuread_application.test.client_id
  notification_email_addresses  = [""] # redacted in the report
  owners                        = [""] # owner object IDs redacted in the report
  preferred_single_sign_on_mode = "saml"
  # tags                          = ["WindowsAzureActiveDirectoryCustomSingleSignOnApplication", "WindowsAzureActiveDirectoryIntegratedApp"]
  use_existing = true
  feature_tags {
    custom_single_sign_on = true
    enterprise            = true
    gallery               = false
    hide                  = false
  }
  saml_single_sign_on {
    relay_state = null
  }
}

Debug Output

Panic Output

Expected Behavior

An application configured with the displayname optional claim should have been created.

Manually adding/removing the claims on the application should produce a change in the output (it does not).

Actual Behavior

The displayname optional claim was missing from the list of token claims.

Steps to Reproduce

  1. terraform apply with the above code creates an application with SSO configured but no optional claims.

Important Factoids

References
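One way to confirm what the tenant actually holds after `terraform apply`, as an added example that is not part of the issue or of the azuread provider: a small Python check that reads the application object as returned by `az ad app show --id <client_id> -o json` (or Microsoft Graph `GET /v1.0/applications/{object-id}`) and reports which of the optional claims declared in the `azuread_application_optional_claims` block are absent. The `optionalClaims` shape used here (`idToken`, `accessToken` and `saml2Token` arrays of `{name, source, essential, additionalProperties}`) is Graph's documented schema; the function and constant names, and the two sample application documents, are this example's own and are constructed rather than captured from a tenant.

```python
"""Detect drift between optional claims declared in Terraform and what Entra ID holds.

Added example, not code from the issue or the azuread provider. Input is the
application object JSON from `az ad app show --id <client_id> -o json` or
Microsoft Graph GET /v1.0/applications/{object-id}. Sample documents below are
constructed for illustration.
"""
import json

# Terraform block name in azuread_application_optional_claims -> Graph property name.
TF_TO_GRAPH = {
    "id_token": "idToken",
    "access_token": "accessToken",
    "saml2_token": "saml2Token",
}

# What the issue's configuration asked for: one non-essential SAML claim.
EXPECTED = {
    "saml2_token": [{"name": "displayname", "essential": False}],
}

# Constructed sample: the state the reporter observed (no optional claims at all).
# Graph returns optionalClaims as null when nothing is configured.
APP_AFTER_APPLY = {
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "sso-test-automation",
    "optionalClaims": None,
}

# Constructed sample: the state the configuration should have produced.
APP_WITH_CLAIM = {
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "sso-test-automation",
    "optionalClaims": {
        "idToken": [],
        "accessToken": [],
        "saml2Token": [
            {"name": "displayname", "source": None, "essential": False, "additionalProperties": []}
        ],
    },
}

# Constructed stand-in for the raw text `az ad app show -o json` would print.
SAMPLE_CLI_OUTPUT = json.dumps(APP_AFTER_APPLY)


def actual_claims(app):
    """Return {graph_kind: {claim_name: claim_dict}} for an application object.

    A missing or null optionalClaims property is treated as "no claims", which
    is exactly the condition the issue reports, rather than as a parse error.
    """
    raw = app.get("optionalClaims") or {}
    return {kind: {c["name"]: c for c in (raw.get(kind) or [])} for kind in TF_TO_GRAPH.values()}


def missing_optional_claims(app, expected):
    """Compare desired claims (Terraform block -> list of {name, essential}) with the tenant.

    Returns a sorted list of drift descriptions; an empty list means every
    declared claim is present with the expected essential flag.
    """
    actual = actual_claims(app)
    drift = []
    for tf_block, wanted in expected.items():
        kind = TF_TO_GRAPH[tf_block]
        for claim in wanted:
            present = actual[kind].get(claim["name"])
            if present is None:
                drift.append(f"{tf_block}: claim '{claim['name']}' missing")
            elif bool(present.get("essential", False)) != bool(claim.get("essential", False)):
                drift.append(f"{tf_block}: claim '{claim['name']}' essential flag differs")
    return sorted(drift)


def check_cli_output(text, expected):
    """Parse the JSON text printed by the CLI or Graph and run the drift check on it."""
    return missing_optional_claims(json.loads(text), expected)


if __name__ == "__main__":
    for label, doc in (("after apply", APP_AFTER_APPLY), ("with claim", APP_WITH_CLAIM)):
        drift = missing_optional_claims(doc, EXPECTED)
        print(f"{label}: {'OK' if not drift else '; '.join(drift)}")
```

To run it against a real tenant, pipe `az ad app show --id <client_id> -o json` into `check_cli_output` with the `EXPECTED` mapping built from the claims in your configuration; a non-empty result after a clean `terraform apply` is the symptom described in this issue, and it is worth re-running after a manual change in the portal to see whether a subsequent `terraform plan` notices the difference.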
