As we continue to upgrade our services, there are a few additional items we would like you to know about that were not covered in last month's change notification. These changes affect both the JWT and SAML token formats.
Claims Changes
First, the new ObjectId claim will be present in WebSSO scenarios. In SAML tokens, this claim will have claim type “http://schemas.microsoft.com/identity/claims/objectidentifier”. In JWT tokens, the claim will have claim type “oid”.
Second, in SAML tokens the name identifier will now be set to a pairwise identifier (a base64-encoded value specific to the user and application). In JWT tokens, the pairwise identifier will be included as claim type “sub”.
You should begin to see this change now, or in the next few days depending on geography.
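The following is an added example, not code from the original announcement: it reads the two identifiers described above from each token format and returns them as one pair, so application code can treat both formats the same way. It assumes the token's signature has already been verified elsewhere and that the SAML token uses the SAML 2.0 assertion layout; the function names and sample values are constructed for illustration.

```python
import base64
import json
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # assumption: SAML 2.0
OID_URI = "http://schemas.microsoft.com/identity/claims/objectidentifier"

def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def ids_from_jwt(token):
    """Return (object_id, pairwise_id) from a JWT whose signature was already verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    return claims.get("oid"), claims.get("sub")

def ids_from_saml(assertion_xml):
    """Return (object_id, pairwise_id) from an already-verified SAML assertion."""
    # For untrusted XML, parse with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default=None, namespaces=SAML_NS)
    object_id = None
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == OID_URI:
            object_id = attr.findtext("saml:AttributeValue", default=None, namespaces=SAML_NS)
    return object_id, name_id

# Constructed sample values, not real identifiers.
SAMPLE_OID = "00000000-0000-0000-0000-000000000001"
SAMPLE_SUB = base64.b64encode(b"constructed-pairwise-id").decode()

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# "sig" is a placeholder signature segment; this sample is not a signed token.
SAMPLE_JWT = ".".join([_seg({"typ": "JWT"}), _seg({"oid": SAMPLE_OID, "sub": SAMPLE_SUB}), "sig"])
SAMPLE_SAML = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID>{SAMPLE_SUB}</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="{OID_URI}"><AttributeValue>{SAMPLE_OID}</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    print(ids_from_jwt(SAMPLE_JWT))
    print(ids_from_saml(SAMPLE_SAML))
```

Because the pairwise identifier is specific to the user and application, code that keys user records on the name identifier or “sub” should expect a different value for the same user in each application.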
Endpoints Upgrade
In addition, while the new endpoints (login.windows.net) are up, people should not use them yet as they are not fully enabled. You may experience strange behavior if you use these endpoints. Our upgrade process is still ongoing. We will make a larger announcement when they have been upgraded. For code running now, you should continue to use the old endpoints. We will keep existing endpoints up for one month after the new endpoints become live.
Thanks