What You Must Know if Using Azure Active Directory for SSO with Yammer

I posted a while back regarding how to configure Yammer and Azure Active Directory (AAD) together so that you could use it for single sign on to your Yammer network - https://blogs.technet.com/b/speschka/archive/2014/01/08/using-azure-active-directory-for-single-sign-on-with-yammer.aspx. There is an important part of the configuration that you need to be aware of, however. Like all identity providers, AAD uses a token signing certificate so that when you get a token that is signed with it, you can trust where it came from. Also, like all good identity providers, AAD will periodically roll over its token signing certificate and issue a new one. The token signing certificates that AAD uses are currently good for two years.

So here's the problem - what happens when that token signing certificate expires and a new one is rolled into place? Unfortunately, if you do nothing, your users will no longer be able to authenticate successfully into Yammer, because Yammer does not automatically track the expiration of token signing certificates. That is the point of this post.

So you have the bad news...and...I don't really have a lot of good news. This certificate management may change in the future, I couldn't really say for sure right now. It will certainly help if you let your Yammer customer service rep know that this is important to you if it is. In the meantime, I've written another little tool to try and help you out as best we can. If you provide your AAD instance name, it will download the token signing certificate for your tenant and then let you know what the expiration is. It can also add a Task reminder to Outlook to remind you as the expiration date is approaching so you can work with Yammer support to get your token signing certificate updated with them. I've included the source code so you can modify as you need; the Task functionality requires Outlook 2013 as well, which you may not have.

 

AAD still makes a good choice for authenticating with Yammer; this is just some information so you can plan for the additional management that you'll need to stay on top of when you use it.

AadCertChecker.zip