Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.

This topic describes how an administrator can test the connection between Single Sign‑On for VMware Tanzu Application Service and Azure Active Directory (AD). An administrator can test both service provider and identity provider connections.

You can test your identity provider integration by deploying the Pivotal Single Sign-On Service Sample Applications.

Test Your Configurations in Azure AD

  1. Log in to Azure AD at https://portal.azure.com/.

  2. Navigate to Azure Active Directory > Enterprise Applications.

  3. Select your app and navigate to Single Sign-on > Test SAML settings.

  4. Select the user that you want to log in as.

    If you have set up all the configuration correctly, you should see something like the images below. Otherwise, you should see a meaningful error message.

    [Image: Azure test SAML settings]

    [Image: Azure token claims]

Test Your Service Provider Connection

  1. Log in to Apps Manager at https://apps.SYSTEM-DOMAIN and navigate to the org and space where your application is located.

  2. Under Services, locate the service instance of the Single Sign‑On plan bound to your app. Click on the service instance and click Manage.

    [Image: Click service]

    [Image: Azure click Manage]

  3. Under the Apps tab, click your app.

    [Image: Azure select authcode app tile]

  4. Under Identity Providers, select the Azure AD identity provider.

    [Image: Click Azure PCF]

  5. Return to Apps Manager and click on the URL below your app to be redirected to the identity provider to authenticate.

    [Image: Authcode sample address]

  6. Click the link.

    [Image: Authcode sample]

  7. On the identity provider sign-in page, enter your credentials and click Sign In.

    [Image: Azure sign in]

  8. The app asks for authorization to the necessary scopes. Click Authorize.

    [Image: Popup authcode]

  9. The access token and ID token are displayed.

    [Image: Azure authcode sample code]
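Once the sample app shows the ID token, it is worth looking at the claims it carries before calling the connection good. The following Python helper is an added example written for this topic; it is not part of the Single Sign-On product or its sample applications. It decodes the compact JWT for inspection only (it does not verify the signature, which the service and the application do) and reports missing or unexpected claims. The issuer URL, the client ID and the token itself are constructed placeholders; substitute the values from your own foundation.

```python
import base64
import json
import time
from typing import List, Optional


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_claims(token: str) -> dict:
    """Return the header and payload of a compact JWT for inspection.

    This does NOT verify the signature; it only makes the claims readable
    so the result of the connection test can be checked by eye or by script.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return {"header": header, "payload": payload}


def check_id_token_claims(token: str, expected_issuer: str,
                          expected_audience: str,
                          now: Optional[float] = None) -> List[str]:
    """Return the problems found in the ID token's claims (empty list = OK)."""
    now = time.time() if now is None else now
    claims = decode_jwt_claims(token)["payload"]
    problems: List[str] = []
    for required in ("iss", "sub", "aud", "exp", "iat"):
        if required not in claims:
            problems.append(f"missing claim: {required}")
    if "iss" in claims and claims["iss"] != expected_issuer:
        problems.append(f"unexpected issuer: {claims['iss']}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if aud is not None and expected_audience not in audiences:
        problems.append(f"audience does not include {expected_audience}")
    if "exp" in claims and claims["exp"] <= now:
        problems.append("token has expired")
    return problems


def make_sample_token(payload: dict) -> str:
    """Build a constructed JWT for demonstration; its signature is not valid."""
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-key-id"}
    signature = b"constructed-signature-not-valid"
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(signature),
    ])


# Constructed placeholders (assumptions, not values from the documentation).
SAMPLE_ISSUER = "https://login.SYSTEM-DOMAIN/oauth/token"
SAMPLE_CLIENT_ID = "authcode-sample-client"
SAMPLE_NOW = 1_700_000_000  # fixed "current time" so the check is reproducible

GOOD_TOKEN = make_sample_token({
    "iss": SAMPLE_ISSUER, "sub": "user-123", "aud": [SAMPLE_CLIENT_ID],
    "exp": SAMPLE_NOW + 600, "iat": SAMPLE_NOW - 60, "email": "user@example.com",
})
EXPIRED_TOKEN = make_sample_token({
    "iss": SAMPLE_ISSUER, "sub": "user-123", "aud": SAMPLE_CLIENT_ID,
    "exp": SAMPLE_NOW - 1, "iat": SAMPLE_NOW - 700,
})

if __name__ == "__main__":
    for name, tok in (("good", GOOD_TOKEN), ("expired", EXPIRED_TOKEN)):
        print(name, decode_jwt_claims(tok)["payload"])
        print("  problems:", check_id_token_claims(tok, SAMPLE_ISSUER, SAMPLE_CLIENT_ID, now=SAMPLE_NOW))
```

Paste the ID token from the sample app in place of the constructed token and set the issuer and client ID to those of your service instance; an empty problem list means the claims match what the application expects, while a non-empty one points at the configuration step to revisit.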

Test Your Identity Provider Connection

Note: Single Sign‑On does not support identity provider-initiated flow into applications, but it does redirect the user to the User Account and Authentication (UAA) page to select apps assigned to the user.

  1. Sign in to Azure AD.

    [Image: Azure sign in]

  2. Navigate to your app and click it.

  3. You are redirected to the page that lists apps you have access to.

    [Image: App list]

Test Your Single Sign-Off

Test single sign-off to ensure that when users log out of the application, they are logged out of Azure AD as well.

  1. Sign in to the sample app. Information about the access token and ID token is displayed, along with the “What do you want to do?” section.
  2. Under “What do you want to do?”, click Log out.

    [Image: What do you want to do?]

  3. You are logged out and redirected to the Azure AD login page.

    [Image: Azure sign in]