I'm having a bit of an issue with some of my Enterprise SAML applications. I can see the token signing certificates in the Admin console UI, but when I try to retrieve them using PowerShell, the PreferredTokenSigningKeyThumbprint comes back empty for some applications, while others work just fine. Here's what I see:
- PreferredTokenSigningKeyThumbprint :
- TokenEncryptionKeyId :
- TokenIssuancePolicies :
- TokenLifetimePolicies :
- PreferredSingleSignOnMode : saml
- DisplayName : Test-App1
Has anyone experienced this before or know why it might be happening? Thanks!
1 Answer
It sounds like you might not be using the right command or there could be some default properties not included. Have you tried specifically calling out those properties in your command? Also, the scopes you've connected with could impact what you see.
Do you mind sharing your command line? It would help us troubleshoot a bit better!
Sure! Here’s the command I’m using:
Get-MgServicePrincipal -All | Select-Object "*token*", PreferredSingleSignOnMode, PreferredTokenSigningKeyThumbprint, DisplayName
I'm connecting with Directory.Read.All, and I noticed that some apps return the thumbprint while others don’t, without any errors.
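One way to act on the suggestion above to request the properties explicitly, and to compare the thumbprint field against the certificates stored on each service principal. This is an added example, not code from the thread: the function name `Get-SamlSigningKeyReport` and the sample objects are constructed, and it assumes that `keyCredentials` entries of type `AsymmetricX509Cert` with usage `Verify` are the public half of a SAML signing certificate.

```powershell
# Added example. Reports, for each SAML service principal, whether the preferred
# thumbprint is populated and how many signing certificates are actually attached.
function Get-SamlSigningKeyReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$ServicePrincipal
    )
    process {
        if ($ServicePrincipal.PreferredSingleSignOnMode -ne 'saml') { return }
        # Assumption: Usage 'Verify' marks the public part of a signing certificate.
        $certs = @($ServicePrincipal.KeyCredentials |
            Where-Object { $_.Type -eq 'AsymmetricX509Cert' -and $_.Usage -eq 'Verify' })
        $latest = $certs | Sort-Object EndDateTime -Descending | Select-Object -First 1
        [pscustomobject]@{
            DisplayName         = $ServicePrincipal.DisplayName
            PreferredThumbprint = $ServicePrincipal.PreferredTokenSigningKeyThumbprint
            ThumbprintMissing   = [string]::IsNullOrWhiteSpace(
                                      $ServicePrincipal.PreferredTokenSigningKeyThumbprint)
            SigningCertCount    = $certs.Count
            LatestCertExpiry    = $latest.EndDateTime
        }
    }
}

# Constructed sample objects shaped like Get-MgServicePrincipal output (not real data).
$sample = @(
    [pscustomobject]@{
        DisplayName = 'Sample-AppA'; PreferredSingleSignOnMode = 'saml'
        PreferredTokenSigningKeyThumbprint = $null
        KeyCredentials = @([pscustomobject]@{
            Type = 'AsymmetricX509Cert'; Usage = 'Verify'; EndDateTime = [datetime]'2027-01-01' })
    }
    [pscustomobject]@{
        DisplayName = 'Sample-AppB'; PreferredSingleSignOnMode = 'saml'
        PreferredTokenSigningKeyThumbprint = 'PLACEHOLDER-THUMBPRINT'
        KeyCredentials = @([pscustomobject]@{
            Type = 'AsymmetricX509Cert'; Usage = 'Verify'; EndDateTime = [datetime]'2026-06-30' })
    }
    [pscustomobject]@{
        DisplayName = 'Sample-AppC'; PreferredSingleSignOnMode = 'oidc'
        PreferredTokenSigningKeyThumbprint = $null; KeyCredentials = @()
    }
)
$sample | Get-SamlSigningKeyReport | Format-Table -AutoSize

# Against a tenant, request the fields by name instead of relying on the default set:
# Connect-MgGraph -Scopes 'Directory.Read.All'
# Get-MgServicePrincipal -All -Property displayName,preferredSingleSignOnMode,preferredTokenSigningKeyThumbprint,keyCredentials |
#     Get-SamlSigningKeyReport | Where-Object ThumbprintMissing
```

A row with `ThumbprintMissing` set to true and a non-zero `SigningCertCount` identifies an application whose signing certificate exists on the object even though the preferred thumbprint field is blank, which also makes it a candidate for a certificate expiry review.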