
Token encryption in Microsoft Azure SSO with Ezeelogin

How to enable token encryption in Microsoft Azure for SAML authentication?

1. Create a new private key

[root@gateway ~]# openssl genrsa -out key_name.key key_strength


[root@gateway ~]# openssl genrsa -out private_key.key 2048

2. Generate a certificate signing request (CSR) associated with your private key.

[root@gateway ~]# openssl req -new -key path_to_private_key.key -out csr_name.csr


[root@gateway ~]# openssl req -new -key private_key.key -out CSR.csr

3. Convert the .csr (Certificate Signing Request) file to a .cer (Certificate) file by self-signing it with the private key.

[root@gateway ~]# openssl x509 -req -in yourfile.csr -out yourfile.cer -signkey yourfile.key -days 365


[root@gateway ~]# openssl x509 -req -in CSR.csr -out CSR.cer -signkey private_key.key -days 365

4. Download the certificate to your PC.

5. In your Enterprise application, click Token encryption. Click Import Certificate and import the certificate file with the .cer extension from your PC.

6. Activate the certificate by clicking the three dots next to it and selecting Activate token encryption certificate.

7. Add the certificate and private key in Ezeelogin SAML advanced settings.

Enter the certificate and private key in the Service Provider Certificate and Service Provider Private Key fields.

Enable Auto Create and change web panel authentication to SAML. Clear the browser cache and try to log in to Ezeelogin with Azure login credentials.

Common errors while accessing Ezeelogin with Microsoft Azure token encryption configured

No private key available, check settings

This error occurs when the Service Provider Certificate or Service Provider Private Key field is empty.

Key is missing data to perform the decryption

This error happens because the private key saved in Ezeelogin is different from the key used to generate the certificate used in Azure token encryption.
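Both errors above trace back to the certificate and private key entered in Ezeelogin, so the pair can be checked on the gateway before it is uploaded. The script below is an added example, not part of the original article or an Ezeelogin tool; the function name check_sp_keypair and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check of the SP certificate and private key.
# check_sp_keypair is a hypothetical helper, not shipped with Ezeelogin.
# Exit codes (chosen for this example):
#   0 = certificate and key belong together
#   1 = key does not match the certificate ("Key is missing data ..." case)
#   2 = a file is missing, empty or unreadable ("No private key available" case)

check_sp_keypair() {
    sp_cert=$1
    sp_key=$2

    # -s is true only for files that exist and are not empty.
    [ -s "$sp_cert" ] || { echo "certificate missing or empty: $sp_cert" >&2; return 2; }
    [ -s "$sp_key" ]  || { echo "private key missing or empty: $sp_key" >&2; return 2; }

    # Public key embedded in the certificate uploaded to Azure.
    cert_pub=$(openssl x509 -in "$sp_cert" -noout -pubkey 2>/dev/null) || cert_pub=
    # Public key derived from the private key stored in Ezeelogin.
    # "-passin pass:" makes an encrypted key fail fast instead of prompting.
    key_pub=$(openssl pkey -in "$sp_key" -pubout -passin pass: 2>/dev/null) || key_pub=

    [ -n "$cert_pub" ] || { echo "cannot parse certificate: $sp_cert" >&2; return 2; }
    [ -n "$key_pub" ]  || { echo "cannot parse private key: $sp_key" >&2; return 2; }

    # Azure encrypts the assertion to the certificate's public key, so
    # decryption only works if the private key yields the same public key.
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: private key matches certificate"
        return 0
    fi
    echo "MISMATCH: private key was not used to generate this certificate" >&2
    return 1
}

# Run directly, e.g.: sh check_sp_keypair.sh CSR.cer private_key.key
if [ "$#" -eq 2 ]; then
    check_sp_keypair "$1" "$2"
    exit $?
fi
```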

