This topic tells you how an administrator can test the connection between Single Sign‑On for VMware Tanzu Application Service and Microsoft Entra ID. An administrator can test both service provider and identity provider connections.

You can test your identity provider integration by deploying the Pivotal Single Sign-On Service Sample Applications.

Test Your Configurations in Microsoft Entra ID

  1. Log in to Microsoft Entra ID at https://portal.azure.com/.

  2. Navigate to Azure Active Directory (Microsoft Entra ID) > Enterprise Applications.

  3. Select your app and navigate to Single Sign-on > Test SAML settings.

  4. Select the user that you want to log in as.

    If everything is configured correctly, you see results like those described below. Otherwise, a meaningful error message is displayed.

    The Test single sign-on new_test page with two buttons, Sign in as current user and Sign in as someone else.

    The Token Claims drop down label is expanded showing a table with two columns, Name and Value. There are four entries in the table.

Test Your Service Provider Connection

  1. Log in to Apps Manager at https://apps.SYSTEM-DOMAIN and navigate to the org and space where your application is located.

  2. Under Services, locate the service instance of the Single Sign‑On plan bound to your app. Click on the service instance and click Manage.

    Screenshot of overview tab in Apps Manager. Under the Services section, the button for the Single Sign-On service is highlighted.

    The Single Sign-On service screen in Apps Manager. Below the title, the manage link is highlighted.

  3. Under the Apps tab, click your app.

    The Apps tab in Apps Manager showing a tile for the authcode-sample app.

  4. Under Identity Providers, select the Microsoft Entra ID identity provider.

    The app configuration screen. The Azure PCF SSO button in the Identity Providers section is highlighted.

  5. Return to Apps Manager and click on the URL below your app to be redirected to the identity provider to authenticate.

    Screenshot of overview tab in Apps Manager. Under the Apps section, the URL in the Route column of the table is highlighted.

  6. Click the link.

    A browser window with the authcode sample web app showing. The app has a link at the bottom of the web page with the text Log in via Auth Code Grant Type.

  7. On the identity provider sign-in page, enter your credentials and click Sign In.

    The Microsoft Azure sign-in page with fields to enter an email address or phone number and password. Below are Sign in and Back buttons.

  8. The app asks for authorization to the necessary scopes. Click Authorize.

    The Application Authorization page for the authcode sample app. There are check boxes for two scopes: openid and Read TODO list. Both checkboxes are selected. At the bottom of the page, there are buttons for Deny and Authorize.

  9. The access token and ID token display.

    Screenshot of a page showing JSON for the result of calling /userinfo, the access token that was used, and the ID token. At the bottom of the page there are links for TODO list, See your account profile, and Log out.
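
To confirm that the access token displayed in step 9 reflects the scopes authorized in step 8 and the expected identity provider, you can inspect its claims offline. The following Python script is an added example, not part of the sample applications or the Single Sign-On product. It assumes the token is a three-part JWT whose payload carries `exp`, `scope`, and `origin` claims; the scope name `todo.read` and the origin value `example-entra-idp` used with it are constructed placeholders.

```python
import base64
import json
import time


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims):
    """Build a constructed, JWT-shaped string so the script runs offline."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def inspect_token(token, required_scopes, expected_origin, now=None):
    """Return the problems found in a token's claims; an empty list means none.

    Inspection only: the signature is not verified, so this is a test aid
    and must not be used to make authorization decisions.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    problems = []
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp claim")
    scope = claims.get("scope", [])
    items = scope.split() if isinstance(scope, str) else scope
    granted = {s for s in items if isinstance(s, str)} if isinstance(items, list) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        problems.append("missing scopes: " + ", ".join(missing))
    # Assumption: the identity provider that authenticated the user is
    # recorded in an "origin" claim.
    if claims.get("origin") != expected_origin:
        problems.append(f"origin is {claims.get('origin')!r}, expected {expected_origin!r}")
    return problems
```

Paste the token from the sample app page as the first argument. Treat displayed tokens as credentials and discard them after the test.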

Test Your Identity Provider Connection

Single Sign‑On does not support identity provider-initiated flow into applications, but it does redirect the user to the User Account and Authentication (UAA) page to select apps assigned to the user.

  1. Sign in to Microsoft Entra ID.

    The Microsoft Azure sign-in page with fields to enter an email address or phone number and password. Below are Sign in and Back buttons.

  2. Navigate to your app and click it.

  3. You are redirected to the page that lists apps you have access to.

    Screenshot of Apps Manager apps tab with tiles for three apps shown.

Test Your Single Sign-Off

Test single sign-off to ensure that when users log out of the application, they are logged out of Microsoft Entra ID as well.

  1. Sign in to the sample app. Information about the access and ID token displays, as well as the “What do you want to do?” section.
  2. Under “What do you want to do?”, click Log out.

    Link in the What do you want to do section. There are links for TODO list, See your account profile, and Log out.

  3. You are logged out and redirected to the Microsoft Entra ID login page.

    The Microsoft Azure sign-in page with fields to enter an email address or phone number and password. Below are Sign in and Back buttons.
