qmuam (qmuam) asked a question.
I want to federate Okta with Azure China (https://portal.azure.cn) for SSO by using Okta as IDP. Since Office365 template doesn't support Azure China , I try to integrate Azure China with Okta using WS-Federation template.
I configured AzureChina application in Okta using WS-Federation template. When I login to https://portal.azure.cn, Okta can authenticate my account successfully. But Azure report below error after Okta redirect my request to https://login.partner.microsoftonline.cn/login.srf.
I tracked the payload content of https://login.partner.microsoftonline.cn/login.srf and found the token type is <wst:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</wst:TokenType>.
But I also tracked the payload content of https://login.partner.microsoftonline.cn/login.srf and found the token type when login to Azure global (https://portal.azure.com) which is using Okta office365 template for SSO. I found the token type is <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>.
So how can I downgrade the wst:TokenType from SAML2.0 to SAML1.0 for application created using WS-Federation template in Okta?
For https://portal.azure.com, I tracked https://login.microsoftonline.com/login.srf but not https://login.partner.microsoftonline.cn/login.srf.
Hi, @qmuam (qmuam)
Thank you for posting on our Community page!
I have done some research and found that you cannot downgrade to SAML 1.0.
As discussed on this previous post you can get in touch with @uyjes (uyjes) for more tips on testing and federating Azure in China.
Hope this helps.
Thank you for reaching out to our Community and have a great day!
_____________________________________________________________________________
Community members help others by clicking Like or Select as Best on responses. Try it today.
_____________________________________________________________________________
@qmuam (qmuam) If you need assistance in testing, please contact me.