I am using adal.js for implementing the login to my app. For some reason, I cannot use admin_consent so I am using prompt=consent in extraQueryParameter.
I am getting the prompt as well but after accepting the same it is giving an error
AADSTS9000411: The request is not properly formatted. The parameter 'prompt' is duplicated.
When checked the query contains 2 prompts
prompt=consent and
prompt=none
Can someone please help why I am getting prompt=none when I am using "consent"?
Any help would be appreciated. Screenshots attached for reference.
prompt duplicate
prompt error screen
Please check Prompt behavior equivalents in MSAL.NET to that of prompt behavior in ADAL.NET :
PromptBehavior.RefreshSession in adal equivalents prompt value
Consent in msal.net which forces the user to consent again to all
permissions when using acquireToken method.
Or
Try to use PromptBehavior.Always which ignores the cache and allows
to sign in as a fresh new user.
Reference:
c# - Sign in to Azure AD using ADAL for .NET - Stack Overflow
azureactivedirectory-library-for-js issues
I've found a way to resolve the issue I was facing.
This "prompt" error can be fixed in two ways-
EITHER upgrade the library to version greater than 1.0.16.
OR use "consentType=Principal" in extraQueryParameter config for giving user consent.
in lower versions-
"By design, the prompt parameter is not configurable by the user. AcquireToken happens in a hidden iframe and its prompt value cannot be anything other than none."
Related
On my signup page i want to check if a certain user with the an email that i specify exists or not. I did try the approach on the answer given to this question (react native firebase check if user already exisits in real time database) but i get an error when i try to do that
I am aware that when you are doing firebase.auth().createUserWithEmailAndPassword it tells you weather user already exists or not, but for reasons that are complicated to explain, i dont want to do that for the time being. I do, however, have access to the config
If the create user func is done on a different page from where the actual form its-self is, then the options are:
Query the results as seen in the link above, given you fix the error
Use Firebase Admin SDK (the better option in my opinion), which gives you access to a number of useful functions, which won't require a form, one of which is:
admin.auth.getUserByEmail(email)
There are several functions that will get you the information you need.
Here is a guide for adding the Admin SDK to your project (should you wish): https://firebase.google.com/docs/admin/setup
In the firebase console you can already set it up under Authentication -> Sign-in method tab and scroll down to the bottom you will see Advanced and set 'One account per email address'
I'm looking for a way to automate the process of updating admin credentials inside an enterprise app in AAD. Looking at the Microsoft docs e.g. here this should be possible via the graph api. Whenever I attempt these steps I'm running into "InternalServerError" along with "Microsoft.Graph.ServiceException: Code: UnknownError".
My dotnet code for validating existing credentials is the following.
await graphServiceClient.ServicePrincipals[$"{servicePrincipalId}"].Synchronization.Jobs[$"{jobsId}"]
.ValidateCredentials(null,null,null,credentials)
.Request()
.PostAsync();
The result is the error above with the same error for any other synchonization method. I've considered it could be a permissions issue but I've found that the api does a reasonable job of sending permission issues back so I'm stumped at this point.
Does anybody have any advice on this?
I see that you're updated that "The result is the error above with the same error for any other synchronization method". In such scenario, I would do the basic sanity checks
Validate the credentials that
you're using
Make sure the user context has necessary scopes/roles
defined too
Make sure the template and the parameters that you're
is correct.
Once you assigned app role to the user that you're using for delegating permissions, it worked for you.
Is there a way to configure custom error messages or maybe even a custom error page in Azure Active Directory to display when something goes wrong during sign in instead of the "Sorry, but we’re having trouble signing you in." text and error details?
I was not able to find any documentation on this but after further digging I found that there is a errorUrl parameter in the application (app registered in the AAD and used for sign in) manifest. My initial thought was that in case of an error MS/AAD would redirect to this url with the error codes but as far as I have tested this errorUrl url does not seem to be used at all.
What is the errorUrl parameter meant for and is there realy no way to specify/configure custom error messages?
No, there is no way to specify custom error messages or error pages.
In certain flows, in certain cases, the error message is passed back to your application (instead of being displayed in the Azure AD sign-in page) where you can deal with it as you see fit. (I don't believe there is any standard guidance on which error cases result in an error returned back to the app.)
If you want to custom error page, you can use custom policy in Azure AD B2C. For more details, please refer to the article
I've been working with the Azure B2C for a couple of days now and have a few issues and questions:
Url that it creates to redirect for login is formed incorrectly. It contains a question mark twice - after the url, and again after the profile name. This causes a 404 not found error every time you login, log out, etc. For example, the URL it tries to redirect to for login looks like this: https://login.microsoftonline.com/samlmanbc.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_firstdemoprofile?client_id=08fcblahblah. You'll notice a second question mark after the profile name, and that's what breaks it.
If I fix that and try and log in, it doesn't recognize the username / password of my account that's a global admin. It DOES recognize the username / password of a new user I created locally in the directory.
In the OnRedirectToIdentityProvider method, when the request type is authentication, the AuthenticationResponseChallenge is null, which makes this call fail:
OpenIdConnectConfiguration config = await mgr.GetConfigurationByPolicyAsync(CancellationToken.None, notification.OwinContext.Authentication.AuthenticationResponseChallenge.Properties.Dictionary[Startup.PolicyKey]);
I worked around this by using the static string SignInPolicyId for the second parameter. That works fine when an account already exists, but if it doesn't then Azure fails at login and says an account doesn't exist for the user. So what is the right value to use there, and/or how does one initialize it so it isn't null?
The type of a claim that was added to a profile is preceded with "extension_"; is that always going to be true or just for now? For example, I added a property called "favoriteTeam", but the claim type for it is "extension_favoriteTeam".
When you use FaceBook as an identity provider, is there any way to pass along the Facebook access token claim (http://www.facebook.com/claims/AccessToken)? This was useful when using ACS with Facebook because your app can then use that token to make additional calls to Facebook to get data from it.
In relation to issue 1 - I updated my reference Microsoft.IdentityModel.Protocol.Extensions to v1.0.2.206221351 and it started working. I made some updates to other references before this, so if the first one doesn't work, try updating more assemblies from nuget.
This is as expected. A page that signs in "local account" users will not sign in your work or school account (in this case, the global admin user).
Always going to be true. We will be cleaning up the Admin UX to make this more clear.
This is on our roadmap. No ETA as yet.
Ive been advised by Docusign to post here.
I have 4 clients who I've installed the Docusign for Salesforce App for. I've followed the installation instructions and every time I end up with the same error. When it comes to entering my Salesforce credentials it says they are wrong or I have not added the trusted network. I know the credentials are correct and I have entered the trusted network. I've tried various things like using security token in the password, configuring at the docusign end. Nothing works, Docusign don't know what the issue is, I've also raised a case with Salesforce and they can't help. I can't understand why an App on the app exchange can't get passed configuration and noone can help! Hopefully someone here can help. Thanks
The DocuSignAPI tag on Stack Overflow is used for api development and integration questions normally, however I will try to address your issue...
First off, if you could update your question with a screenshot of the error and screen you are on when you receive the error that would help isolate the issue.
With that in mind, what screen are you on? Are you on the screen that's titled "Connect DocuSign to Salesforce"? Even though you've mentioned I just want to double check that you are entering your Salesforce user credentials and not your DocuSign credentials.
Next, what environment are you selecting? And what type of DocuSign account do you have? You need to make sure that you are pointing to an environment where you have an existing account. For instance, if you have a DocuSign demo account but you are pointing to Production during the install, you might get that error.