Assign the claimsMappingPolicy to a servicePrincipal giving error?


I have followed the Stack Overflow link below (the answer provided by Allen Wu), "How to add a custom claim and retrieve the same as part of access_token, when the scope is not Graph API in Azure AD?", to add a custom claim in the access token. But I am getting an error when I try to assign the claimsMappingPolicy to a servicePrincipal.

I have opened Microsoft Graph and executed a POST call like so:

https://graph.microsoft.com/v1.0/servicePrincipals/8b6e2827-b3fa-467b-940d-324c301ca606/claimsMappingPolicies/$ref

with the request body

{
    "@odata.id": "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/fce7f260-9598-426d-b8c2-7e589b25415b"
}

but I am getting a 409 Response code with the following response preview :

{
    "error": {
        "code": "Request_MultipleObjectsWithSameKeyValue",
        "message": "Request contains property changes that would result in property-uniqueness violation(s). Please retry your request with corrected values.",
        "innerError": {
            "date": "2020-10-18T06:32:23",
            "request-id": "ae69cb4f-716d-4d56-a123-572c76ace2e0",
            "client-request-id": "29b0130e-8b7a-d09d-1188-2856c99dad8e"
        }
    }
}

Answer by Allen Wu (best answer):

It means the servicePrincipal has been assigned a claimsMappingPolicy.

If you assign another claimsMappingPolicy to it, you will get the 409 Conflict error.

You need to List assigned claimsMappingPolicy first and then Remove claimsMappingPolicy.

Now you can assign claimsMappingPolicy to the servicePrincipal.
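
The list, remove, assign sequence from the answer above, as an added Python example that is not part of the original question or answer. The helper names `graph_sender` and `replace_claims_mapping_policy` are hypothetical; the token, service principal id and policy id are supplied by the caller. The removed policy ids are returned so the change to token claims can be logged.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

def graph_sender(token):
    """Hypothetical helper: returns send(method, url, body) -> (status, json)."""
    def send(method, url, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {})
    return send

def replace_claims_mapping_policy(send, sp_id, policy_id):
    """List the assigned policies, remove any other policy, then assign
    policy_id, so the POST never hits the 409 conflict.
    Returns (removed_policy_ids, assigned)."""
    base = f"{GRAPH}/servicePrincipals/{sp_id}/claimsMappingPolicies"
    _, listing = send("GET", base)
    current = [p["id"] for p in listing.get("value", [])]
    removed = []
    for pid in current:
        if pid != policy_id:
            send("DELETE", f"{base}/{pid}/$ref")
            removed.append(pid)
    if policy_id in current:
        return removed, False  # already assigned; a repeat POST would conflict
    send("POST", f"{base}/$ref",
         {"@odata.id": f"{GRAPH}/policies/claimsMappingPolicies/{policy_id}"})
    return removed, True

# Usage (placeholders, not real values):
#   send = graph_sender("<access-token>")
#   replace_claims_mapping_policy(send, "<servicePrincipal-id>", "<policy-id>")
```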