It would be beneficial to allow SAML integration with Azure Active Directory for SSO. Currently, it is understood that this is not possible because Liferay requires a message-level signature on the SAML Response in order to authenticate, while Azure Active Directory specifically does not support signing at that level:
Based on the following LPS, it was believed that supporting this may open the possibility of spoofing. It is unclear whether this is still the case or whether there are alternate options. If possible, it would benefit some users if Liferay allowed the message-level signature requirement to be disabled or developed an alternate method to connect to Azure AD.
This feature would make it so that clients who have already integrated their other applications with Azure AD can easily add Liferay to their workflow.
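The spoofing concern above comes down to where the XML signature sits: a message-level signature covers the whole SAML Response, whereas Azure AD-style responses carry the signature only on the enclosed Assertion. The following is an added example, not Liferay code, that classifies which parts of a Response carry an enveloped signature and applies a configurable policy (require the message signature, or accept a Response whose every Assertion is itself signed). It is a structural pre-check only and deliberately stops before cryptographic verification, which a real SP does with an XML-DSig library; the sample Responses, IDs and the `placeholder` SignatureValue are constructed for the example.

```python
"""Added example (not Liferay code): classify where XML-DSig signatures sit in a
SAML 2.0 Response and apply a signing policy before any cryptographic check."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
DS_SIGNATURE = "{%s}Signature" % NS["ds"]


def _direct_signature(elem):
    """Return the ds:Signature that is a direct child of elem, or None.

    Only a direct-child enveloped signature covers this element. A signature
    nested deeper belongs to a descendant (an Assertion inside a Response), so
    it must not be counted as covering the Response itself."""
    for child in elem:
        if child.tag == DS_SIGNATURE:
            return child
    return None


def _covers(sig, element):
    """True if the signature's Reference URI points at this element's ID."""
    ref = sig.find(".//ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + (element.get("ID") or "")


def signature_coverage(response_xml):
    """Describe which parts of the Response carry an enveloped signature."""
    root = ET.fromstring(response_xml)
    resp_sig = _direct_signature(root)
    coverage = {
        "response_signed": resp_sig is not None and _covers(resp_sig, root),
        "assertions": [],
    }
    for assertion in root.findall("saml:Assertion", NS):
        sig = _direct_signature(assertion)
        coverage["assertions"].append({
            "id": assertion.get("ID"),
            "signed": sig is not None and _covers(sig, assertion),
        })
    return coverage


def acceptable(response_xml, require_message_signature):
    """Policy decision: is this Response's signing layout acceptable?"""
    cov = signature_coverage(response_xml)
    if cov["response_signed"]:
        return True  # the whole message is covered by one signature
    if require_message_signature:
        return False  # the strict setting described in the ticket
    # Relaxed setting: every Assertion must carry its own covering signature.
    return bool(cov["assertions"]) and all(a["signed"] for a in cov["assertions"])


# --- constructed sample Responses (not captured from any real IdP) ---------
def _sig(target_id):
    return (
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
        '<ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>'
        % target_id
    )


def _response(response_sig, assertion_sig):
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">'
        + response_sig
        + '<saml:Assertion ID="_asrt1">' + assertion_sig
        + '<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )


MESSAGE_SIGNED = _response(_sig("_resp1"), "")      # message-level signature
ASSERTION_SIGNED = _response("", _sig("_asrt1"))    # assertion-only, as the ticket describes
UNSIGNED = _response("", "")                        # nothing signed at all
MISMATCHED = _response("", _sig("_other"))          # signature does not cover this Assertion

if __name__ == "__main__":
    for name, doc in [("message-signed", MESSAGE_SIGNED), ("assertion-signed", ASSERTION_SIGNED),
                      ("unsigned", UNSIGNED), ("mismatched", MISMATCHED)]:
        print(name, "strict:", acceptable(doc, True), "relaxed:", acceptable(doc, False))
```

The `MISMATCHED` case is why the relaxed policy checks the Reference URI and not merely the presence of a `ds:Signature` element: an assertion-only signature is only meaningful when it is anchored to the Assertion ID the SP will actually consume. Even in the relaxed mode, the SP still has to verify the signature cryptographically against the IdP's configured certificate and check the usual `InResponseTo`, `Destination`, `Recipient` and validity-window fields; nothing here replaces those steps.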
The following scenario illustrates the requested feature:
- Deploy the SAML 2.0 Provider into the environment
- Create a new custom application in Azure AD
- Configure the connection to Azure AD via SAML Admin
Note the following errors in the console after performing these steps:
Add integration with Azure AD into the SAML 2.0 Provider.