question

0 Votes
Ity-3595 asked amanpreetsingh-msft commented

Queried the servicePrincipal GraphAPI and got several keyCredentials, went to the app "certificates and secrets" page and the keys are not there

What is the reason that I see multiple keyCredentials for a given servicePrincipal on the GraphAPI, but when I go to the associated app page, on the app registrations, and then to certificates and credentials, I don't see any keys or certificates?

The app is used for SSO to AWS.

Thanks.

azure-ad-app-registration

1 Answer

0 Votes
amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @Ity-3595 · Thank you for reaching out.

The Service Principal object (present under Enterprise Applications) and the Application object (present under App Registration) for a given app are two different objects with different Object IDs but the same App ID.

In your case, you are querying the Service Principal of your application via the Graph API, which is returning the keyCredentials for certificates configured under the SSO settings of the enterprise application.

On the portal, you are checking the app under Application Registration, where no certificate is configured.

To better understand, try running the PowerShell cmdlets below, available in the AzureADPreview module:

  • Get-AzureADServicePrincipal -ObjectId object_id_of_app_from_enterprise_apps | fl key*

  • Get-AzureADApplication -objectid object_id_of_app_from_app_registration | fl key*


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hi @Ity-3595 · Just checking if you have any further questions.

0 Votes
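The distinction drawn in the answer above, as an added example that is not part of the original thread: a credential inventory for one App ID has to read keyCredentials from both the application object and the servicePrincipal object, because each holds its own list. The sample objects, IDs, thumbprint and dates are constructed, and the Sign/Verify pair sharing one customKeyIdentifier is an assumption about how a SAML signing certificate appears on a service principal.

```python
from datetime import datetime, timezone

# Constructed sample data shaped like Microsoft Graph objects; every ID,
# thumbprint and date below is a placeholder, not a value from a real tenant.
APP_ID = "99999999-cccc-4ccc-8ccc-999999999999"
APPLICATION = {"id": "11111111-aaaa-4aaa-8aaa-111111111111", "appId": APP_ID,
               "keyCredentials": []}  # nothing under App registrations
SERVICE_PRINCIPAL = {
    "id": "22222222-bbbb-4bbb-8bbb-222222222222", "appId": APP_ID,
    "keyCredentials": [  # assumed shape of one SAML signing certificate
        {"keyId": "k1", "type": "X509CertAndPassword", "usage": "Sign",
         "customKeyIdentifier": "THUMBPRINT-PLACEHOLDER",
         "endDateTime": "2026-03-01T00:00:00Z"},
        {"keyId": "k2", "type": "AsymmetricX509Cert", "usage": "Verify",
         "customKeyIdentifier": "THUMBPRINT-PLACEHOLDER",
         "endDateTime": "2026-03-01T00:00:00Z"},
    ],
}

def inventory(application, service_principal, now):
    """List keyCredentials of both objects behind one appId, tagged by owner."""
    if application["appId"] != service_principal["appId"]:
        raise ValueError("objects belong to different apps (appId mismatch)")
    rows = []
    for kind, portal, obj in (
        ("application", "App registrations", application),
        ("servicePrincipal", "Enterprise applications", service_principal),
    ):
        for cred in obj.get("keyCredentials") or []:
            end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
            rows.append({"object": kind, "objectId": obj["id"], "portal": portal,
                         "keyId": cred["keyId"], "usage": cred["usage"],
                         "cert": cred["customKeyIdentifier"], "expired": end <= now})
    return rows

def certificates(rows):
    """Group entries by (object, customKeyIdentifier): one cert, several entries."""
    certs = {}
    for row in rows:
        certs.setdefault((row["object"], row["cert"]), []).append(row["usage"])
    return certs

if __name__ == "__main__":
    found = inventory(APPLICATION, SERVICE_PRINCIPAL,
                      datetime(2025, 1, 1, tzinfo=timezone.utc))
    for row in found:
        print(row)
    print(certificates(found))
```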