I am following this example: https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential

I am able to successfully run the sample, get the access token (JWT) and access the Web API.

However, I would like to have a claim containing the value of the certificate subject (in this case, it is CN=TodoListDaemonWithCert) in the returned token from the Azure AD. This is because I will have some more certificates with different subjects (CN=TodoListDaemonWithCert-1, CN=TodoListDaemonWithCert-2...) and they will also be registered with the TodoListDaemonWithCert app.

The Web API will use the subject (CN=TodoListDaemonWithCert) read from the token as an identity to proceed next.

Any idea would be appreciated.

1 Answer

A feature like this is not currently supported in Azure Active Directory. Multiple certificates added to a single application are all interchangeable, and using a specific one does not affect any part of the authentication experience, including claims in the token.

Remember that an Application Object represents a single application identity. If you are trying to represent multiple applications, you should adopt a different design pattern:

For example, if you are trying to support a multi-tenant application where each tenant has their own secret, then you should be using the tenant specific Service Principal to register the custom certificate.

If you are trying to represent multiple different application identities, then you should register multiple applications, each with their own certificate.

Let me know if this helps.
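Since the certificate subject never reaches the token, a Web API that follows the answer's pattern (one app registration per daemon, each with its own certificate) can key the caller's identity on the per-application `appid` (v1.0 tokens) or `azp` (v2.0 tokens) claim instead. The following is an added Python illustration, not code from the sample repository; the audience, tenant and client ID values are constructed placeholders, and it assumes the JWT bearer middleware has already validated the token's signature, issuer and lifetime.

```python
"""Map a client-credentials caller to a daemon identity by its app ID claim.

Assumption (labelled): the signature, issuer and expiry of the token were
already validated by the JWT bearer middleware; this function only decides
which registered daemon the validated claims belong to. All GUIDs and URIs
below are constructed sample values, not real registrations.
"""
from __future__ import annotations

# App ID URI and tenant the Web API accepts (constructed values).
EXPECTED_AUDIENCE = "https://contoso.example/TodoListService"
EXPECTED_TENANT = "11111111-1111-1111-1111-111111111111"

# One app registration (client ID) per daemon certificate (constructed GUIDs).
DAEMON_REGISTRY = {
    "aaaaaaaa-0000-0000-0000-000000000001": "TodoListDaemonWithCert",
    "aaaaaaaa-0000-0000-0000-000000000002": "TodoListDaemonWithCert-1",
    "aaaaaaaa-0000-0000-0000-000000000003": "TodoListDaemonWithCert-2",
}

# Constructed claims of a v1.0 app-only token issued to the second daemon.
SAMPLE_CLAIMS = {
    "aud": EXPECTED_AUDIENCE,
    "iss": f"https://sts.windows.net/{EXPECTED_TENANT}/",
    "tid": EXPECTED_TENANT,
    "appid": "aaaaaaaa-0000-0000-0000-000000000002",
    "appidacr": "2",  # Azure AD sets "2" when the client proved a certificate
    "ver": "1.0",
}


def resolve_daemon_identity(claims: dict, registry: dict = DAEMON_REGISTRY) -> str | None:
    """Return the daemon name for validated claims, or None to reject the caller."""
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return None  # token was minted for a different resource
    if claims.get("tid") != EXPECTED_TENANT:
        return None  # token comes from a tenant we do not trust
    # A delegated (user) token carries "scp"; daemons must present app-only tokens.
    if "scp" in claims:
        return None
    # Require certificate-based client authentication ("2"), not a shared secret ("1").
    if (claims.get("appidacr") or claims.get("azpacr")) != "2":
        return None
    # v1.0 tokens name the calling app in "appid", v2.0 tokens in "azp".
    app_id = claims.get("appid") or claims.get("azp")
    if not app_id:
        return None
    return registry.get(app_id)  # None for any app not explicitly registered
```

Each daemon is then identified by its own client ID rather than by a certificate subject, and rotating or adding certificates on a registration changes nothing in the mapping.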