This topic describes how an administrator can test the OpenID Connect (OIDC) connection between Single Sign‑On for VMware Tanzu Application Service and Azure Active Directory (Azure AD).

You can test your identity provider integration by deploying the Pivotal Single Sign-On Service Sample Applications.

Follow the steps below to test your Single Sign‑On connection.

  1. Log in to Apps Manager at https://apps.SYSTEM-DOMAIN and navigate to the org and space where your app is located.

  2. Under Services, locate the service instance of the Single Sign‑On plan bound to your app.

    Screenshot of the Service tab in Apps Manager. Under the Services section, the button for the Single Sign-On service is highlighted.

  3. Select the service instance and click Manage.

    Screenshot of the example-service-instance service screen in Apps Manager. Below the title, the Manage link is highlighted.

  4. Under the Apps tab, select your app.

    Screenshot of the Apps tab in Apps Manager showing a tile for the example-authcode-sample app.

  5. Under Identity Providers, select the Azure AD identity provider. Remove any other identity providers.

    Screenshot of the identity providers section with the Example Azure Origin button and an Internal User Store button.

  6. Return to Apps Manager and click the URL listed below your app to access your app.

    Screenshot of the example-authcode-sample app page in Apps Manager. Under the Route tab, there is one route listed.

  7. Navigate to your login. You will be redirected to the identity provider to authenticate.

    Screenshot of the Authcode Sample app. In the What do you want to do section, the link says, Log in via Auth Code Grant Type.

  8. On the identity provider sign-in page, enter your credentials and sign in.

    Screenshot of the Example OIDC Client sign-in page with fields to enter an email address or phone number and password. Below are Sign in and Back buttons.

  9. If the app prompts for authorization to the necessary scopes, click Accept.

    Screenshot of Example OIDC Client permissions page. The page states that Example OIDC Client needs permission to Sign you in and read your profile and includes a link to show more details. Below are the Accept and Cancel buttons.

  10. If you are now logged into your app, your Azure AD OIDC to Single Sign‑On connection works.

    Screenshot of the Authcode Sample app. The text says You've used the authcode flow! Here's the result of calling /userinfo.
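
If the redirect in step 7 does not land on the identity provider as expected, it helps to inspect the authorization request itself. The following is an added example, not part of the original documentation or the sample apps: it checks a redirect URL copied from the browser's network tab for the properties of an OIDC authorization code request. The function name, hostnames, client ID, and sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a redirect captured from the browser's network tab at
# step 7. Hosts, client_id, and state are placeholders, not real identifiers.
SAMPLE_REDIRECT = (
    "https://login.example.test/oauth/authorize"
    "?response_type=code&client_id=EXAMPLE-CLIENT-ID"
    "&redirect_uri=https%3A%2F%2Fexample-authcode-sample.apps.example.test%2Flogin"
    "&scope=openid+profile&state=Xy7Qk2"
)


def check_authorization_redirect(url, app_host):
    """Return a list of problems found in an OIDC authorization request URL."""
    problems = []
    parts = urlsplit(url)
    # parse_qs drops blank values, so "state=" counts as missing.
    params = parse_qs(parts.query)

    def one(name):
        # Each parameter must appear exactly once; duplicates are ambiguous.
        values = params.get(name, [])
        if len(values) != 1:
            problems.append(f"{name}: expected exactly one value, got {len(values)}")
            return None
        return values[0]

    if parts.scheme != "https":
        problems.append("authorization endpoint is not HTTPS")

    response_type = one("response_type")
    if response_type is not None and response_type != "code":
        problems.append("response_type is not 'code' (not the auth code grant)")

    one("client_id")
    one("state")  # binds the callback to this browser session

    scope = one("scope")
    if scope is not None and "openid" not in scope.split():
        problems.append("scope lacks 'openid', so this is not an OIDC request")

    redirect_uri = one("redirect_uri")
    if redirect_uri is not None:
        target = urlsplit(redirect_uri)
        if target.scheme != "https" or target.hostname != app_host:
            problems.append("redirect_uri does not point back to the app over HTTPS")
    return problems
```

An empty list means the request has the expected shape; pass the hostname of your app's route from step 6 as `app_host`.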
