

What You Must Know if Using Azure Active Directory for SSO with Yammer

I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign-on to your Yammer network - https://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx. There is an important part of the configuration that you need to be aware of, however. Like all identity providers, AAD uses a token signing certificate so that when you get a token that is signed with it, you know you can trust where it came from. Also, like all good identity providers, AAD will periodically roll over its token signing certificate and issue a new one. The token signing certificates that AAD uses are currently good for two years. So here's the problem - what happens when that token signing certificate expires and a new one is rolled into place? Unfortunately, if you do nothing, your users will no longer be able to authenticate successfully into Yammer, because Yammer does not automatically track the expiration of token signing certificates. That is the point of this post.

So you have the bad news...and...I don't really have a lot of good news. This certificate management may change in the future; I couldn't really say for sure right now. If this is important to you, it will certainly help to let your Yammer customer service rep know. In the meantime, I've written another little tool to try and help you out as best we can. If you provide your AAD instance name, it will download the token signing certificate for your tenant and then let you know when it expires. It can also add a Task reminder to Outlook to remind you as the expiration date is approaching, so you can work with Yammer support to get your token signing certificate updated with them. I've included the source code so you can modify it as you need; the Task functionality requires Outlook 2013 as well, which you may not have.

 

AAD still makes a good choice for authenticating with Yammer; this is just some information so you can plan for the additional management that you'll need to stay on top of when you use it.

AadCertChecker.zip
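The kind of check described above (find the tenant's token signing certificate and report how long it has left), sketched in Python as an added example; this is not the AadCertChecker source. It assumes the certificate is read from a federation metadata XML document you have already downloaded for your tenant; the function names, the 60-day warning window and the sample input are constructed for illustration, and the certificate is parsed with the standard library only.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(cert):  # Validity.notAfter (UTC) of a DER-encoded X.509 certificate
    _, pos, _ = read_tlv(cert, 0)      # Certificate
    _, pos, _ = read_tlv(cert, pos)    # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    pos = end if tag == 0xA0 else pos  # skip the optional [0] version field
    for _ in range(3):                 # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(cert, pos)
    _, pos, _ = read_tlv(cert, pos)    # validity
    _, _, pos = read_tlv(cert, pos)    # skip notBefore
    tag, start, end = read_tlv(cert, pos)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"  # UTCTime, else GeneralizedTime
    return datetime.strptime(cert[start:end].decode("ascii"), fmt).replace(tzinfo=timezone.utc)

def expiry_report(metadata_xml, now, warn_days=60):
    """Return sorted (not_after, days_left, needs_action), one per distinct signing cert."""
    certs = {base64.b64decode("".join(el.text.split()))
             for kd in ET.fromstring(metadata_xml).iter("{%s}KeyDescriptor" % MD_NS)
             if kd.get("use") == "signing"
             for el in kd.iter("{%s}X509Certificate" % DS_NS)}
    return sorted((exp, (exp - now).days, (exp - now).days <= warn_days)
                  for exp in map(not_after, certs))

# Constructed sample input: a DER skeleton with only the fields walked above, not a real signed cert.
def der(tag, body):  # short-form lengths only, enough for the sample
    return bytes([tag, len(body)]) + body
def sample_metadata(not_after_utc):
    validity = der(0x30, der(0x17, b"140108000000Z") + der(0x17, not_after_utc))
    tbs = der(0x30, b"\xa0\x03\x02\x01\x02" + der(2, b"\x01") + der(0x30, b"") * 2 + validity)
    key = ('<KeyDescriptor use="signing"><KeyInfo xmlns="%s"><X509Data><X509Certificate>%s'
           '</X509Certificate></X509Data></KeyInfo></KeyDescriptor>'
           % (DS_NS, base64.b64encode(der(0x30, tbs)).decode()))
    return ('<EntityDescriptor xmlns="%s"><IDPSSODescriptor>%s</IDPSSODescriptor>'
            '</EntityDescriptor>' % (MD_NS, key * 2))

if __name__ == "__main__":
    print(expiry_report(sample_metadata(b"160108000000Z"), datetime(2015, 12, 1, tzinfo=timezone.utc)))
```

The same certificate can appear under more than one descriptor in the metadata, so the report de-duplicates before sorting; a negative `days_left` means the certificate has already expired.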

Comments

  • Anonymous
    January 01, 2003
    thanks