Below you will find the procedure to set up SAML SSO between a test Azure AD SaaS Application and hand ADFS Claims X-Ray to troubleshoot custom SAML claim issuance and transformations.
In your AAD portal, navigate to Enterprise Apps and create a Non-Gallery Application.
Navigate to Single sign-on and select SAML.
Edit the Basic SAML Configuration.
The Identifier will be “urn:microsoft:adfs:claimsxray”
The Reply URL will be “https://adfshelp.microsoft.com/ClaimsXray/TokenResponse“
Save configuration.
You can add additional claims to be sent, return groups, and change the NameID in the User Attributes & Claims section.
After the SAML configuration is complete, you can assign a user and a role to test the SAML SSO configuration.
Now its time to test Single sign-on. For that you can the Test action. If logged in at the user you just specified, use the first option. Otherwise select another user (The second option requires the use of the browser extension).
If successful, you should be redirected to the Claims X-RAY page to view the output of your token.
