Channel: Azure Active Directory forum

Azure AD B2C - "invalid_grant" when accessing "/token" authorization endpoint


I thoroughly followed this guide in order to create an active directory and an application:

https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/

I added full application permissions for: Windows Azure Service Management API, Windows Azure Active Directory and Microsoft Graph. 

In the Microsoft Azure Portal, in Azure AD B2C settings, I added a Sign in and Sign up policy.



The '/authorize' endpoint is accessed as follows:

https://login.microsoftonline.com/2d779d37-.../oauth2/authorize?p=[my_sign_in_policy]&client_Id=[application_client_id]&nonce=defaultNonce&redirect_uri=http://www.localhost:9000/&scope=openid&response_type=code+id_token&prompt=login

The [application_client_id] is copied from the CLIENT ID box in my application configuration.

The user I'm authenticating has Global Admin role.

After successful login I receive as hash parameters: "code" and "id_token".





The '/token' endpoint is accessed as follows:

Method: POST

https://login.microsoftonline.com/2d779d37-.../oauth2/token?grant_type=authorization_code

&client_id=[application_client_id]&code=[code_from_previous_step]&redirect_uri=http://localhost:9000/&resource=https://graph.windows.net/&client_secret=[application_client_secret]

I get the [application_client_secret] from the "keys" section in my application configuration.



When accessing the '/token' endpoint, I get the following error response:

400, Bad request

{"error":"invalid_grant","error_description":"AADSTS70000: Authentication failed: Authorization Code is malformed or invalid.\r\nTrace ID: 94f3ca04-2f33-402e-a80e-dc1147b1b49b\r\nCorrelation ID: 8fb2aebd-53ec-4c0b-8852-71fc8c6849ea\r\nTimestamp: 2016-07-15 07:11:13Z","error_codes":[70000],"timestamp":"2016-07-15 07:11:13Z","trace_id":"94f3ca04-2f33-402e-a80e-dc1147b1b49b","correlation_id":"8fb2aebd-53ec-4c0b-8852-71fc8c6849ea"}



What I have tried:

Removing application write permissions for Windows Azure Service Management API, Windows Azure Active Directory and Microsoft Graph.

Adding scope=openid%20offline_access parameter to '/token' endpoint.

Adding p=[my_signin_policy] parameter to '/token' endpoint.

None of which had any effect on the response.




AD Connect scheduler not running with Event ID 905


Hi All,

I recently upgraded from DirSync to AD Connect.

Everything was running fine for the remainder of that day (I thought, "Well, that was easy...").

I received an email stating that the Directory had not been synced for the last 24 hours etc..

When trying to check the Scheduler using "Get-ADSyncScheduler" (Which worked previously) I receive the below error.

PS C:\Users\administrator> Get-ADSyncScheduler
Get-ADSyncScheduler : System.Management.Automation.CmdletInvocationException: Element 'mv-data' was not found. Line 1,
position 2. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException:
Element 'mv-data' was not found. Line 1, position 2.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetGlobalSettings()
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncGlobalSettingsParameterCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input,
PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1
output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output,
PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell
powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName,
InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand[T](String commandName,
IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
   at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char**
syncSettingsSerialized, Char** errorString)
At line:1 char:1
+ Get-ADSyncScheduler
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : WriteError: (Microsoft.Ident...ADSyncScheduler:GetADSyncScheduler) [Get-ADSyncScheduler]
   , PSInvalidOperationException
    + FullyQualifiedErrorId : System.Management.Automation.CmdletInvocationException: Element 'mv-data' was not found.
    Line 1, position 2. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidati
  onException: Element 'mv-data' was not found. Line 1, position 2.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetGlobalSettings()
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncGlobalSettingsParameterCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncIn
   voke)
       at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isS
   ync)
       at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCol
   lection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollectio
   n`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PS
   InvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell power
   Shell)
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, Initial
   SessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
       at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand[T](String commandName, IDic
   tionary`2 commandParameters, Boolean isScript)
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.get_CurrentSchedulerSettings()
       at SchedulerUtils.GetCurrentSchedulerSettings(_ConfigAttrNode* pcanList, UInt32 ccanItems, Char** syncSettingsS
   erialized, Char** errorString),Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncScheduler

This also happens when I try running the schedule manually using "Start-ADSyncSyncCycle -PolicyType Delta".

I am able to run a sync by running each Run Profile individually from within "miisclient.exe".

If I do that then everything syncs, but I am still receiving an error that the passwords have not synced in the last 39 hours.

Since I upgraded and saw that syncs were operational, nothing has been changed on the server.

I have since re-run the AD Connect setup to repair, but I am still getting the same issue.

Event ID 905 error below:

Log Name:      Application
Source:        Directory Synchronization
Date:          7/15/2016 10:36:56 AM
Event ID:      905
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      FIM-HO.boston.co.za
Description:
Scheduler::SchedulerThreadMain : An error occured and scheduler run failed to perform all operation.
 System.Management.Automation.CmdletInvocationException: Element 'mv-data' was not found. Line 1, position 2. ---> Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Element 'mv-data' was not found. Line 1, position 2.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetGlobalSettings()
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncGlobalSettingsParameterCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand[T](String commandName, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.RefreshSchedulerVariables()
   at Microsoft.MetadirectoryServices.Scheduler.Scheduler.SchedulerThreadMain()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Directory Synchronization" />
    <EventID Qualifiers="0">905</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-07-15T08:36:56.000000000Z" />
    <EventRecordID>245996</EventRecordID>
    <Channel>Application</Channel>
    <Computer> ***name removed***</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Scheduler::SchedulerThreadMain : An error occured and scheduler run failed to perform all operation.
 System.Management.Automation.CmdletInvocationException: Element 'mv-data' was not found. Line 1, position 2. ---&gt; Microsoft.IdentityManagement.PowerShell.ObjectModel.SynchronizationConfigurationValidationException: Element 'mv-data' was not found. Line 1, position 2.
   at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.GetGlobalSettings()
   at Microsoft.IdentityManagement.PowerShell.Cmdlet.GetADSyncGlobalSettingsParameterCmdlet.ProcessRecord()
   --- End of inner exception stack trace ---
   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
   at System.Management.Automation.PowerShell.CoreInvoke[TOutput](IEnumerable input, PSDataCollection`1 output, PSInvocationSettings settings)
   at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.TypeDependencies.InvokePowerShell(IPowerShell powerShell)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand(String commandName, InitialSessionState initialSessionState, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.Online.Deployment.PowerShell.PowerShellAdapter.InvokePowerShellCommand[T](String commandName, IDictionary`2 commandParameters, Boolean isScript)
   at Microsoft.MetadirectoryServices.Scheduler.SchedulerSettingUtilities.RefreshSchedulerVariables()
   at Microsoft.MetadirectoryServices.Scheduler.Scheduler.SchedulerThreadMain()</Data>
  </EventData>
</Event>

any assistance will be GREATLY appreciated please.

Thanks

Shaun

How to reset the password of an Azure Active Directory user using UWP platform and C#


I am trying to force a user to change the password at the next login. I have found plenty of links to Azure Developer Network resources but am unable to find a working example to compare to the code I have, which is not working. Any help would be extremely welcome.

using System;
using System.Collections.Generic;
using System.Globalization;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json;

public static async Task<List<UserPwdReset>> UpdatePassByAlias(string alias, string accessToken, string tenantId)
{
    List<UserPwdReset> results = new List<UserPwdReset>();

    // graphResourceUri (e.g. "https://graph.windows.net") and graphApiVersion (e.g. "1.6")
    // are fields of the enclosing class; the placeholders are ordered to match the arguments.
    string graphRequest = String.Format(CultureInfo.InvariantCulture,
        "{0}/{1}/users/{2}?api-version={3}", graphResourceUri, tenantId, alias, graphApiVersion);
    HttpClient client = new HttpClient();
    HttpRequestMessage request = new HttpRequestMessage(new HttpMethod("PATCH"), graphRequest);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    // Azure AD Graph expects the two password settings nested under "passwordProfile";
    // sent at the top level of the user object they are rejected as unknown properties.
    var body = new
    {
        passwordProfile = new
        {
            password = "Test12345",
            forceChangePasswordNextLogin = true
        }
    };

    string serializedData = JsonConvert.SerializeObject(body);
    request.Content = new StringContent(serializedData, System.Text.Encoding.UTF8, "application/json");

    using (HttpResponseMessage response = await client.SendAsync(request))
    {
        // A successful PATCH on a user returns 204 No Content with an empty body,
        // so there is nothing to parse; a failure carries an OData error body worth surfacing.
        if (response.StatusCode != HttpStatusCode.NoContent && response.StatusCode != HttpStatusCode.OK)
        {
            string error = await response.Content.ReadAsStringAsync();
            throw new HttpRequestException(
                String.Format(CultureInfo.InvariantCulture, "PATCH {0} failed: {1} {2}", graphRequest, (int)response.StatusCode, error));
        }
    }

    // UserPwdReset is the caller's own result type; populate it here as needed.
    return results;
}

Application redirecting to Error Page while redirecting to AZURE AD Login Page


Hi,

We have implemented Azure AD in a web application. We are facing an issue in the following situation:

  • The application is idle for an hour; then, on clicking any program or menu in the web application, it redirects to the Azure AD login page, and immediately (within a fraction of a second) it redirects to our application error page.
  • Now remove the error page from the URL and hit Enter.
  • It regenerates the AAD session/cookie again and the application runs well.

Application Framework -

  • ASP.NET MVC 4.
  • Published in AZURE CLOUD Service.

Only Problem is that it goes to error page after one hour (idle)

Thanks in advance for help.

Best Regards,

DG

SSO using SAML 2.0 IDP to Office 365 is not working


I am trying to SSO from my system to Office 365 using SAML 2.0. Previously I could do that, but now it's broken with the following error:

What might have gone wrong? There is no change in the setup of my system.


Rahul Mondal Sr. Software Eng. ensim.com

Error unauthorized_client AADSTS70001


Hi,

I am trying to authenticate with OAuth but it always returns this error, and I don't know what to do.

AADSTS70001: Application '12c6e4af-ffbe-430a-9821-cee872c3be59' is not supported for this API version.
Trace ID: 493969fc-22c4-4d5c-92cc-67a2eb62790d
Correlation ID: bce8728f-f48a-4c98-be50-15ac4558f227
Timestamp: 2016-07-15 22:36:19Z

Thanks for some help

Use ADAL with Dynamics CRM Web API


Via Twitter

@AzureSupport Any guides for Microsoft ADAL absolute beginners on how to use Dynamics CRM Web API? The guides online are a bit over my head. 

Happy to help. Have you referenced this documentation?: aka.ms/d1269331 Feel free to Direct Message. ^JN

Hi, thanks for the link! Yes I did read that carefully but I'm afraid it's still over my head. Basically, I am a web designer (new to web development) and want to have my company's website make a GET request to access a JSON file of data from our CRM so that I can create a membership directory on our website that people can search through with up to date info. I know Dynamics CRM 2016 added the Web API, so I just need to set up authorization so that it is secure (I only want it to be able to respond to GET requests and of only certain types of data). Is there any resource you have that can show me how to do that? From what I understand I just have to register an app and then configure it the right way, but it is getting confusing and I don't want to do anything that could cause a security issue for our organization. 

Thanks,
@AzureSupport


Azure AD B2C - error when creating sign-up policy


Hi

I'm trying to create my sign-up policy but I get the following error message:

There was an error while creating the policy 'An object was not found while retrieving extension properties in tenant "73a55309-...". Error returned was 404/Request_ResourceNotFound: Resource '7c7ab660-...' does not exist or one of its queried reference-property objects are not present.'

Despite this error my policy has been created. Is that OK?

Edit: I've noticed that this problem occurs for each policy that I try to create.

monitor azure AD Connect


I upgraded from Azure AD Sync to Azure AD Connect.  We have a Hybrid Office 365 (E3) setup with windows 2012 Active Directory. We do a directory sync w/ password.

I want to be able to check the status of the Sync but I don't see any tools for doing this.   When I look online everything is about Azure AD Connect Health - which requires Azure AD Premium.

So how do those of us who do not have Azure AD Premium monitor our Azure AD Connect sync status?



Fred Zilz

Field/Link for Terms and Services


Hi,

I am working on an application that integrates with Azure AD. When we direct users to grant permission to our application, for legal reasons, we need them to consent to our terms and services. Google Apps Marketplace has this feature (https://developers.google.com/apps-marketplace/preparing#configure_the_google_apps_marketplace_sdk - Support URLs: enter a URL for your app's terms of service); is there something like this for Azure AD?

Enforce Azure AD Password Policies when Using Graph API

We are currently using the Graph API to create and manage external users for our application. We have now discovered that when using Graph, none of the Azure AD password policies are being enforced. Is it possible to enforce password policies for users created and managed via the Graph API?

Sync from On-Premises to Azure AD B2C


Hi,

Are there any tools available to sync objects from on-premises to Azure AD B2C? I think AD Connect is not the right one for this?

Can't change my password using https://passwordreset.microsoftonline.com


No matter how secure my password is, I keep getting the error below:

This password does not meet the length, complexity, age or history requirements of your corporate password policy.


Brief information about my setup

Account is synced to azure AD

We are currently using ADFS

I have enabled AZURE AD premium

I have enabled users can reset password



I can type in the user's information and answer the security questions and the text confirmation through the phone before it displays the "enter new password" page. No matter how secure the password is, it won't work. The password complexity on premises is just the standard default. I can log on to the user's account and change the password, which writes back to AD without any issues. The only problem is the scenario where I have to go through https://passwordreset.microsoftonline.com. Has anyone had this issue before, or do I still need to enable a feature?


AADSTS65001: The user or administrator has not consented to use the application with ID????


Hi,

Scenario is that I am trying to do a signup/onboarding process using OAuth V2 for a multi-tenant application.
I have my application registered with the App Registration Portal.
I am using the new MSAL library to get support for the v2 endpoints.

I issue a sign-in request as follows:
/common/oauth2/v2.0/authorize?client_id=client-id&response_mode=form_post&response_type=code+id_token&scope=openid+profile+Mail.Read&redirect_uri=https%3A%2F%2Flocalhost%3A44336%2FSignup%2FProcessCode&state=5480aa4b-4bfc-4b87-8a8f-bc3eb79acc00&nonce=34e039ae-7894-409a-b9ff-013479af30b9

On the first run the consent screen is presented to the logging in user.

I get the code and id_token back.

Then try and get the token

ConfidentialClientApplication cca = new ConfidentialClientApplication(
    "client-id",
    redirectUri.ToString(),
    new ClientCredential(AppSettings.Current.ClientSecret),
    null /*sessionCache*/);

AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync( scopes, code );

which issues the following POST request:
/common/oauth2/v2.0/token
scope=Mail.Read+openid+email+profile+offline_access
&client_id=client-id
&client_secret=thesecret
&grant_type=authorization_code
&code=thecode
&redirect_uri=https%3A%2F%2Flocalhost%3A44336%2FSignup%2FProcessCode

Which returns the following error:

{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID 'client-id'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 54ba8bcb-0963-4f5f-ac60-4832baa3bc90\r\nCorrelation ID: 38c6457c-8cfe-42a0-91ff-37ccbad1a553\r\nTimestamp: 2016-06-23 12:13:57Z",
"error_codes":[65001],
"timestamp":"2016-06-23 12:13:57Z",
"trace_id":"54ba8bcb-0963-4f5f-ac60-4832baa3bc90",
"correlation_id":"38c6457c-8cfe-42a0-91ff-37ccbad1a553"}

So how do I fix or get around this problem?

Or should I revert back to oauth v1 - and if so where is the app registration portal for oauth v1 use.

Thanks

Donal
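The two-leg authorization-code exchange described in this post and in the earlier "Azure AD B2C - invalid_grant" post, as an added example that is not code from either poster: it builds the authorize URL and the token POST (grant parameters in the form body, only the B2C p= policy in the query string), checks that both legs carry the identical redirect_uri the service requires, and parses the AADSTS error body of the shape quoted in both posts. Tenant, policy, client id, secret and code values are placeholders.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant, client_id, redirect_uri, nonce, policy=None, scope="openid"):
    """Authorize leg; a B2C tenant additionally needs the p= policy parameter."""
    params = {
        "client_id": client_id,
        "response_type": "code id_token",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "nonce": nonce,
        "response_mode": "form_post",
    }
    if policy:
        params["p"] = policy
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?" + urllib.parse.urlencode(params)


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, policy=None, resource=None):
    """Token leg. Grant parameters go in the form-encoded POST body, not the URL;
    for B2C the same p= policy as the authorize leg is the only query parameter."""
    url = f"{AUTHORITY}/{tenant}/oauth2/token"
    if policy:
        url += "?" + urllib.parse.urlencode({"p": policy})
    body = {
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }
    if resource:
        body["resource"] = resource
    return url, urllib.parse.urlencode(body).encode("ascii")


def redirect_uri_matches(authorize_url, token_body):
    """True only if both legs carry a byte-identical redirect_uri; e.g.
    'http://www.localhost:9000/' and 'http://localhost:9000/' do not match."""
    auth_q = urllib.parse.parse_qs(urllib.parse.urlsplit(authorize_url).query)
    tok_q = urllib.parse.parse_qs(token_body.decode("ascii"))
    return auth_q.get("redirect_uri") == tok_q.get("redirect_uri")


def parse_aadsts_error(body_text):
    """Extract the AADSTS code, numeric error_codes and ids from an error body
    of the shape the service returns, for logging and for a support case."""
    data = json.loads(body_text)
    desc = data.get("error_description", "")
    aadsts = desc.split(":", 1)[0] if desc.startswith("AADSTS") else None
    return {
        "error": data.get("error"),
        "aadsts": aadsts,
        "error_codes": data.get("error_codes", []),
        "correlation_id": data.get("correlation_id"),
        "trace_id": data.get("trace_id"),
    }


def exchange_code(url, body):
    """POST the token request; on an HTTP error return the parsed AADSTS body instead of raising."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        return parse_aadsts_error(exc.read().decode("utf-8"))


# Constructed sample error body with placeholder ids, same shape as the responses quoted above.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_grant",
    "error_description": "AADSTS70000: Authentication failed: Authorization Code is malformed or invalid."
                         "\r\nTrace ID: 00000000-0000-0000-0000-000000000001"
                         "\r\nCorrelation ID: 00000000-0000-0000-0000-000000000002"
                         "\r\nTimestamp: 2016-07-15 07:11:13Z",
    "error_codes": [70000],
    "trace_id": "00000000-0000-0000-0000-000000000001",
    "correlation_id": "00000000-0000-0000-0000-000000000002",
})
```

Only exchange_code() touches the network; the builders and parser run offline, so the redirect_uri check can be unit-tested before any code is spent.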


Azure AD Connect & Computer Accounts


Hi, I'm wondering why I would want to sync my local computer accounts to AAD?  Can anyone give some good use cases for this?

~Chad


Data federation between Azure AD and Azure AD B2C


I'm trying to use Azure AD B2C, and I have a question about data federation between Azure AD and Azure AD B2C. 

1. A user has a user account in Azure AD directory.

2. The user registers an external e-mail address as a new account in the Azure AD B2C directory.


In this case, is there a best practice to integrate these two accounts?

No post data is being sent to my application to authenticate


From @larsklint via Twitter

"Another question for your guys. I have created a custom application in my AD and configured SSO for this application. When I try and use it to log in, no post data is sent to the receiving application from Azure to authenticate. Any ideas?"

Over DM

Thanks,

@AzureSupport

AADSTS50000: There was an error issuing a token. AADSTS90092: Non-retryable error has occurred.


Hi

I have integrated my web app in order to allow my users to send email using their work accounts. If I test using my free Office 365 dev account everything works; unfortunately, when my client's users try, I get the error

AADSTS50000: There was an error issuing a token. AADSTS90092: Non-retryable error has occurred.

I have tried using both

  'oauth2_auth_url' => 'https://login.microsoftonline.com/common/oauth2/authorize',
  'oauth2_token_url' => 'https://login.microsoftonline.com/common/oauth2/token',

and

  'oauth2_auth_url' => 'https://login.windows.net/common/oauth2/authorize',
  'oauth2_token_url' => 'https://login.windows.net/common/oauth2/token',

To my knowledge my app is not requesting any permissions that require admin access.

Any assistance will be greatly appreciated.

Azure Active Directory - B2C



Hi all,

Greetings & Good day !

Could someone shed light on the questions below on AAD B2C, please?

Would it be possible to NOT save user passwords on AAD B2C?

When issuing access tokens after authenticating with user ID and password, does AAD B2C automatically save these?


SAML - Unable to get back to SP site after logout from Azure AD(IDP)


Hi,

We are using standard SAML request-response to authenticate users in our application.

We have integrated three identity providers

1. OKTA

2. OneLogin

3. Azure AD

For all three of the above, SSO is working fine. For SLO (Single Logout), OKTA and OneLogin are fine, but on Azure AD, when our app requests SLO from the Azure AD app, it successfully logs out the user and displays a message on their page; after logout it doesn't redirect back to our application. This functionality is working fine for the other two.

The interesting thing is that Azure AD never asked me to enter a ReturnURL for logout when I created/set up the application on it. In short, we are not providing Azure AD with any details about where to redirect after logout.

Where and How we can provide returnURL for logout on azure ad?

Can we have an option to send returnURL with request in case of azure ad?

Thanks,

Mitesh J.
