
class TokenIssuancePolicy

Maturity: 47

A policy class that defines characteristics of SAML tokens issued by Azure AD, including signing options, algorithms, and token versions.

File: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/token_issuance.py
Lines: 4 - 12
Complexity: moderate

Purpose

TokenIssuancePolicy represents a specialized policy type for configuring SAML token issuance in Azure Active Directory. It inherits from StsPolicy and provides a structured way to manage token signing options, signing algorithms, and SAML token version settings. This class is used when integrating applications with Azure AD that require specific SAML token configurations for authentication and authorization purposes.

Source Code

class TokenIssuancePolicy(StsPolicy):
    """
    Represents the policy to specify the characteristics of SAML tokens issued by Azure AD. You can use token-issuance
    policies to:

     - Set signing options
     - Set signing algorithm
     - Set SAML token version
    """

Parameters

Name Type Default Kind
bases StsPolicy -

Parameter Details

__init__: Inherits constructor from StsPolicy base class. The exact parameters depend on the parent StsPolicy implementation, but typically would include policy identifiers, display names, and policy definition details specific to token issuance.

Return Value

Instantiation returns a TokenIssuancePolicy object that represents an Azure AD token issuance policy. Methods inherited from StsPolicy would return various types depending on their purpose (e.g., policy properties, update confirmations, etc.).

Class Interface

Dependencies

  • office365

Required Imports

from office365.directory.policies.sts import StsPolicy
from office365.directory.policies.token_issuance import TokenIssuancePolicy

Usage Example

import json

from office365.directory.policies.token_issuance import TokenIssuancePolicy
from office365.runtime.auth.client_credential import ClientCredential
from office365.graph_client import GraphClient

# Authenticate with Azure AD
credentials = ClientCredential('client_id', 'client_secret')
client = GraphClient(credentials)

# Create or retrieve a token issuance policy
policy = TokenIssuancePolicy(client.policies.token_issuance_policies)

# Configure policy properties (inherited from StsPolicy)
policy.display_name = 'Custom SAML Token Policy'
# Each entry of definition is a JSON string; json.dumps keeps it well-formed
policy.definition = [
    json.dumps({
        "TokenIssuancePolicy": {
            "SigningAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
            "SamlTokenVersion": "2.0"
        }
    })
]

# Save the policy
policy.update().execute_query()

Best Practices

  • Always authenticate with appropriate Azure AD credentials before creating or modifying token issuance policies
  • Ensure the service principal has sufficient permissions (Policy.ReadWrite.ApplicationConfiguration) to manage policies
  • Validate SAML token version compatibility with your application before setting the policy
  • Use secure signing algorithms (RSA-SHA256 or higher) for production environments
  • Test policy changes in a non-production environment before applying to production applications
  • Keep policy definitions as JSON strings following Azure AD schema requirements
  • Document any custom token issuance policies for maintenance and compliance purposes
  • Consider the impact on existing applications when modifying token issuance policies
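The signing-algorithm and JSON-string practices above can be checked before a policy is saved. The following is an added example, not code from the office365 package or from this page's project: the function names, the allow-lists and the sample definitions are assumptions constructed for illustration, using only the two definition keys shown in the usage example.

```python
import json

# Allow-list seeded with the algorithm URI used on this page; extend it deliberately.
ALLOWED_SIGNING_ALGORITHMS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
# Assumption: the SAML versions your relying parties accept.
ALLOWED_SAML_VERSIONS = {"2.0"}


def audit_definition(definition):
    """Return a list of findings for one policy definition (a JSON string)."""
    try:
        doc = json.loads(definition)
    except (TypeError, ValueError):
        return ["definition is not valid JSON"]
    body = doc.get("TokenIssuancePolicy") if isinstance(doc, dict) else None
    if not isinstance(body, dict):
        return ["missing 'TokenIssuancePolicy' object"]
    findings = []
    for key, allowed in (("SigningAlgorithm", ALLOWED_SIGNING_ALGORITHMS),
                         ("SamlTokenVersion", ALLOWED_SAML_VERSIONS)):
        value = body.get(key)
        if value is None:
            findings.append(f"{key} is not set explicitly")
        elif not isinstance(value, str) or value not in allowed:
            findings.append(f"{key} not on allow-list: {value!r}")
    return findings


def audit_policy(display_name, definitions):
    """Audit every entry of a policy's definition list, prefixing the policy name."""
    return [f"{display_name}: {f}" for d in definitions for f in audit_definition(d)]


# Constructed sample definitions (not taken from a real tenant).
GOOD = json.dumps({"TokenIssuancePolicy": {
    "SigningAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "SamlTokenVersion": "2.0"}})
WEAK = json.dumps({"TokenIssuancePolicy": {
    "SigningAlgorithm": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "SamlTokenVersion": "2.0"}})
BROKEN = "{'TokenIssuancePolicy': {}}"  # single quotes, so not JSON

if __name__ == "__main__":
    for name, defs in (("good", [GOOD]), ("weak", [WEAK]), ("broken", [BROKEN])):
        print(name, audit_policy(name, defs) or "ok")
```

Running the same check over definitions read back from the tenant gives a simple drift report for the documentation and compliance items in the list.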

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class StsPolicy 64.2% similar

    StsPolicy is an abstract base class representing policy types that control Microsoft identity platform behavior, extending PolicyBase with specific functionality for managing policy application to directory objects.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/sts.py
  • class AuthorizationPolicy 62.6% similar

    A singleton class representing Azure Active Directory authorization policy settings that control tenant-level authorization behaviors.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authorization.py
  • class AuthenticationStrengthPolicy 61.7% similar

    Represents an Azure AD authentication strength policy that defines specific combinations of authentication methods and metadata for Conditional Access scenarios.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_strength.py
  • class AuthenticationMethodsPolicy 57.6% similar

    A class representing Azure Active Directory authentication methods policy that defines which authentication methods users can use for sign-in and multi-factor authentication (MFA).

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_methods.py
  • class AuthenticationFlowsPolicy 56.9% similar

    A class representing the policy configuration for self-service sign-up experience at a tenant level in Microsoft 365/Azure AD, allowing external users to request sign-up approval.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/policies/authentication_flows.py