I am serving SPA application with Azure AD B2C integration from Storage Container.
Everything works correctly with this address in browser ******.web.core.windows.net.
However when we add custom domain and CDN Profile and serve it on e.g. pets.dev.com, user gets redirected to B2C for authorisation and comes back to address ******.web.core.windows.net.
It is an expected behaviour since that is the redirected URL set by the SPA app when redirecting user to B2C.
Though when we change the redirect URL to e.g. pets.dev.com the app goes into endless loop when coming back from B2C. It goes to pets.dev.com and immidietly gets send back to B2C, B2C (as the user is logged) sends it back to pets.dev.com and loop repeats.
Any ideas what is wrong with the setup?
On SPA app I am using React with react-azure-b2c wrapper for MSAL.
Related
I've setup and configured an Azure Static Web App to utilize Azure Front Door as an entry point precisely following all of the steps here and am using Azure Active Directory for authentication.
After doing so, it seems that the consent page served from https://identity.azurestaticapps.net/.auth/login/done appears to be displayed upon every single login. (Note: This was not happening before configuring Azure Front Door).
Is anyone aware of why this consent page continuously shows on each subsequent login to the application?
We are implementing SSO with Azure AD for our SPA Angular application. We have successfully implemented SSO referring the documentation. But we have a requirement if the user is already logged in to AD, user need not to be redirected to the login page. User should automatically be redirected to the landing page. How can we implement this with Auth0?
I'm in thought of using a js libray like MSAL. But the issue is that the app is not hosted in Azure. Is there a way to figure out whether there is a active directory instance for a given domain.
If a valid session exists after already logging in with Azure AD you will not be asked to login again if your using MSAL.
I'm trying to integrate Azure AD B2C with my App Service using the Authentication / Authorization menu in the portal (also called EasyAuth).
This is what I did:
Registered the application in Azure B2C
Recorded the App ID
Defined user flows (just Sign In)
Set up identity provider (Azure AD)
Tested the user flow, with Redirect URI pointing to jwt.ms, to see the result - works fine
Enabled Authentication / Authorization in the App Service in the Portal
Configured Azure AD authentication with the App ID from above and the link to the endpoint metadata
But now, when I access the App Service, I'm redirected to a "Logging in..." page which immediately goes to the jwt.ms page, with no JWT data, no login page, and no opportunity to enter my credentials.
Just an empty jwt page.
I couldn't find anything in the docs that can explain this.
What am I missing?
What we'd like to do is to automatically Sign In\Login the user after they successfully Sign Up.
Let's say the user got an invitation for the application. They go to the Sign Up page, fills out the form and clicks the Create button. If all is OK, the user is added to Azure B2C directory and then we'd somehow have the Sign In policy run automatically OR some other way of logging in automatically.
So I just want to know if this is viable or not when using Azure B2C.
EDIT
After further debugging I see what is the problem...
We have an old AngularJS (1.6) SPA application.
An #id_token is sent back from Azure B2C after the user completes the Sign Up process... however after the URL in the browser has the #id_token, control is not passed to the application, that is, OWIN middleware is not being called. For the Sign In it works as expected since it starts from within the SPA itself. The user clicks the Login button and is redirected by msalService.loginRedirect.
The Sign Up policy execution is different because it starts by an e-mail invitation link only. So it's not from within the SPA itself.
The hash portion of #id_token is being messed up by AngularJS once Azure B2C redirects back to the app.
I already played with AngularJS $locationProvider.html5(true) mode but it did not work.
What I'm trying to do now is to redirect to a custom signup.html reply URL and then return to the AngularJS app but I'm not sure how to wire up this.
By default, at the end of a flow (i.e. all built-in flows except the password reset flow and all custom flows except the password reset flow), an SSO session is generated for the user so, in effect, they are signed in after sign-up.
Therefore, the default experience in the same session is that, if a user signs up for App A and then is redirected to sign in for App B, then they won't be prompted to re-authenticate.
You can configure the sign-up and sign-in flows so that they issue the same claims so applications can handle the sign-up and sign-in callbacks with the same behavior.
I am writing a SPA web app that is registered as an app in Azure AD. Everything was working fine most of the week; however, when I went to work on it today, I wasn't getting the expected results.
I deleted and recreated the app registration, hoping it would fix the issue, but it made things worse. When I navigate to the URL, I'm redirected to log in to Azure AD. That part works fine. Since I just created the app registration, I would expect to be taken to a page to consent to the application, but instead I'm redirected back to my application.
I check the app registration in Azure, and it does not have me listed as a user of the application.
Because of all of this, I can't acquire tokens to call external APIs (which I have registered in my app registration).
I'm not sure why I am running into this all of the sudden. Any thoughts on why the OAuth consent is being by-passed? I'm starting to wonder if MSFT is having services issues or not, but more than likely, the problem is on my end.
Suggestions on how to troubleshoot are also welcomed!
There's two things you can do to give consent that will likely fix your app. From what it sounds like your app isn't consenting before ADAL.js you use acquireToken (which is a silent call and can't consent).
Go into the Azure Portal > Azure AD > the app you registered, then at the top hit Grant Permissions. This is the equivalent of admin consent and will consent for all users in your tenant.
Run your app and hit login. When you get redirected to the Azure AD sign in page, add to the url &prompt=consent, hit enter and reload the page w/ that parameter and sign in. This will force the consent screen and consent for the current user. You can also append on the prompt=admin_consent if you're signing in w/ an admin account.