Azure AD Logout is not working - Angular SPA - angularjs

I am using Azure AD authentication for my Angular-based single page application. Sign-in functionality works like a charm, but I am facing issues with the logout. Once the user has logged out from the session, it hangs on the Azure AD sign-out page and does not get redirected to the URI given in post_logout_redirect_uri, allowing users to log in again without entering credentials.
I looked for help over the web and spent almost a week trying to resolve the issue, but I still haven't found a resolution. I came to know that many users are already facing the same issue and no solution has been provided for it.
Has anybody faced this issue before and have a solution for the same?

I assume that you have added the app in Azure AD B2C.
Unfortunately, the new Azure portal has removed the POST LOGOUT LINK URI in company branding. In the Azure classic portal it also does not work for now. If this is important to you, you can upvote it in this Feedback Forum.
Hope this helps!

I was able to fix the issue by passing the B2C sign-up/sign-in policy id in the logout URL. Now it gets redirected to the desired logout landing page without hanging on the Azure AD sign-out page.
https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/logout?p={B2C_SIGNUPIN_POLICY_ID}&post_logout_redirect_uri={APPLICATION_URL}
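The logout URL above, built in code as an added example (not code from the question or the answer): it fills in the tenant, the B2C policy id (the `p=` parameter the answer adds) and `post_logout_redirect_uri`, and it only accepts a redirect target that is on an allow list, so a tampered query string cannot turn the logout into an open redirect. The tenant name, policy name and allowed URLs are constructed placeholders.

```javascript
// Added example: build the Azure AD B2C logout URL in the shape given in the
// answer, with the sign-up/sign-in policy id included as p=, and restrict
// post_logout_redirect_uri to an allow list. All values below are constructed.
const LOGOUT_BASE = "https://login.microsoftonline.com";

// Assumed allow list: the absolute URLs this SPA is willing to land on after logout.
const ALLOWED_POST_LOGOUT = [
  "https://app.example.com/logged-out",
  "https://app.example.com/",
];

function buildB2cLogoutUrl({ tenant, policyId, postLogoutRedirectUri }) {
  if (!tenant || !policyId) {
    throw new Error("tenant and policyId are required");
  }
  // The redirect target must be an absolute https URL that matches an allowed
  // entry exactly, origin included; anything else is rejected before it reaches
  // the identity provider.
  let target;
  try {
    target = new URL(postLogoutRedirectUri);
  } catch {
    throw new Error("post_logout_redirect_uri must be an absolute URL");
  }
  if (target.protocol !== "https:" || !ALLOWED_POST_LOGOUT.includes(target.href)) {
    throw new Error("post_logout_redirect_uri is not on the allow list");
  }
  const url = new URL(`${LOGOUT_BASE}/${encodeURIComponent(tenant)}/oauth2/v2.0/logout`);
  url.searchParams.set("p", policyId);
  url.searchParams.set("post_logout_redirect_uri", target.href);
  return url.toString();
}

// Typical use from the SPA's logout handler (constructed values):
// window.location.assign(buildB2cLogoutUrl({
//   tenant: "contoso.onmicrosoft.com",
//   policyId: "B2C_1_signupsignin",
//   postLogoutRedirectUri: "https://app.example.com/logged-out",
// }));
```

The `post_logout_redirect_uri` value still has to be registered on the B2C application for the identity provider to honour it; the allow list here is the client-side half of that check.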

Related

Access Azure AD user from js

We are implementing SSO with Azure AD for our Angular SPA application. We have successfully implemented SSO by referring to the documentation. But we have a requirement that if the user is already logged in to AD, the user need not be redirected to the login page; the user should automatically be redirected to the landing page. How can we implement this with Auth0?
I'm thinking of using a JS library like MSAL. But the issue is that the app is not hosted in Azure. Is there a way to figure out whether there is an Active Directory instance for a given domain?
If a valid session exists after already logging in with Azure AD, you will not be asked to log in again if you're using MSAL.

SaaS Application with Azure AD authentication as MS Teams App with App Studio

My company is using the service Aha! Ideas for internal idea-sharing. Everything is set up correctly with Aha!: the site loads and requests the email for the user. Once they put it in, the Microsoft credentials from the host machine are used for SSO and they are redirected to the secure page. On machines where the user has not authenticated against our domain on the workstation, they are redirected to the Microsoft login and, after they log in, the user is redirected to the site.
So great!! That is all working perfectly.
Now, I go into App Studio in Microsoft Teams and set up the site to load as an app in the sidebar. I have added the main URL as a tab, I have set up the Valid Domains to include login.microsoftonline.com, and I have set the AAD App ID to the one used in the SAML2 setup of Aha!.
When I load the app I get the page requesting my email, this is from Aha!, and when I submit it should use SSO from Teams to log me in. I am logged in to Teams using my company Microsoft Account. At a minimum, it should redirect to the login.microsoftonline.com and request my username and password. Instead, I get nothing but a blank page.
Anyone have any ideas as to why it's not working, or what I might have done wrong?
'SSO' in the truest sense with Teams definitely won't work; it requires changes to the app itself, which you don't control. But even aside from that, depending on how the app ends up doing its authentication, this still might not work, as you're seeing. Is there maybe a chance Aha! is working on Teams integration?

Cannot sign in using AAD B2C identity provider with AAD Multitenant (custom policy)

I have set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C using the guide provided in Microsoft's documentation.
I have added Azure Active Directory B2C as an identity provider for Azure API Management.
When I want to sign in to the portal, I am presented with the AADB2C login screen correctly. I can select the AAD provider and I'm then taken through the sign-in process as I would expect. Authentication happens correctly.
However, when I am redirected back to the API Management developer portal, I am instantly presented with the AADB2C login screen again.
I am quite stuck at the moment as I am unsure how to debug this issue or what to look for next.
Has anyone been able to get this working properly, and if so, could you provide some guidance?
It turns out that the value of the policy key I created was incorrect. After updating the policy key with the correct Application key (Not Application ID), everything worked.

AAD Logout Azure Active Directory

I deployed a web app in Azure with authorization/authentication set up.
Once you log in to the web app you can get the token using:
https://{webappname}.azurewebsites.com/.auth/me
Then I tried to get the token and used it in Postman in the AUTHORIZATION header, and it worked: I was able to access the site with Postman using that token. Now my concern is that after I logged out using:
https://{webappname}.azurewebsites.com/.auth/logout
I can still access the site using the token that I got recently. Can someone explain why this is happening?
Thanks :D
That's happening because logout isn't necessarily invalidating the token.
To do something at your end, you could maintain a custom list on the server of such invalidated tokens.
Please look at these two SO posts, which discuss this in a lot more detail.
azure mobile service active directory authentication X-ZUMO-AUTH
token valid in postman after logout
Invalidating JSON Web Tokens

Not being prompted for OAuth consent when logging into web application

I am writing a SPA web app that is registered as an app in Azure AD. Everything was working fine most of the week; however, when I went to work on it today, I wasn't getting the expected results.
I deleted and recreated the app registration, hoping it would fix the issue, but it made things worse. When I navigate to the URL, I'm redirected to log in to Azure AD. That part works fine. Since I just created the app registration, I would expect to be taken to a page to consent to the application, but instead I'm redirected back to my application.
I check the app registration in Azure, and it does not have me listed as a user of the application.
Because of all of this, I can't acquire tokens to call external APIs (which I have registered in my app registration).
I'm not sure why I am running into this all of a sudden. Any thoughts on why the OAuth consent is being bypassed? I'm starting to wonder whether MSFT is having service issues, but more than likely the problem is on my end.
Suggestions on how to troubleshoot are also welcomed!
There are two things you can do to give consent that will likely fix your app. From what it sounds like, your app isn't consenting before you use ADAL.js acquireToken (which is a silent call and can't consent).
Go into the Azure Portal > Azure AD > the app you registered, then at the top hit Grant Permissions. This is the equivalent of admin consent and will consent for all users in your tenant.
Run your app and hit login. When you get redirected to the Azure AD sign-in page, add &prompt=consent to the URL, hit enter to reload the page with that parameter, and sign in. This will force the consent screen and consent for the current user. You can also append prompt=admin_consent if you're signing in with an admin account.
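The manual step of adding `&prompt=consent` to the sign-in URL, done in code as an added example (not code from the question, the answer or ADAL.js): it builds the authorize request against the v1 `/oauth2/authorize` endpoint that ADAL.js targets (where `prompt=admin_consent` is accepted), parses the error a silent request returns in the redirect fragment, checks the returned `state` against the one the app sent, and maps the standard OpenID Connect errors `consent_required`, `interaction_required` and `login_required` to the `prompt` value to retry with. The tenant, client id and redirect URI are constructed placeholders, and generating and storing `state` and `nonce` is assumed to be the caller's job.

```javascript
// Added example: build an Azure AD (v1 endpoint) authorize URL with an explicit
// prompt value, and decide from a failed silent request which prompt to retry
// with. Tenant, client id and redirect URI are constructed placeholders.
const AUTHORITY = "https://login.microsoftonline.com";
const ALLOWED_PROMPTS = new Set(["login", "consent", "admin_consent", "select_account", "none"]);

function buildAuthorizeUrl({ tenant, clientId, redirectUri, state, nonce, prompt }) {
  const url = new URL(`${AUTHORITY}/${encodeURIComponent(tenant)}/oauth2/authorize`);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("response_type", "id_token");
  url.searchParams.set("response_mode", "fragment");
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state); // binds the response to this request
  url.searchParams.set("nonce", nonce); // binds the id_token to this request
  if (prompt !== undefined) {
    if (!ALLOWED_PROMPTS.has(prompt)) throw new Error(`unsupported prompt value: ${prompt}`);
    url.searchParams.set("prompt", prompt);
  }
  return url.toString();
}

// Read the error fields Azure AD returns in the redirect fragment. The state
// must match what the app sent, otherwise the response is not ours to act on.
function parseCallbackError(callbackUrl, expectedState) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.replace(/^#/, ""));
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const error = params.get("error");
  if (!error) return null;
  return { error, description: params.get("error_description") || "" };
}

// Map a failed silent request (prompt=none, as acquireToken issues) to the prompt
// to retry with, or null when no prompt can fix it (e.g. a misconfigured client).
function promptForRetry(err, { isAdmin = false } = {}) {
  if (!err) return null;
  switch (err.error) {
    case "consent_required":
      return isAdmin ? "admin_consent" : "consent";
    case "interaction_required":
    case "login_required":
      return "login";
    default:
      return null;
  }
}

// Usage sketch with constructed values: on a consent_required error from the
// silent request, rebuild the URL with the suggested prompt and navigate to it.
//   const err = parseCallbackError(window.location.href, savedState);
//   const prompt = promptForRetry(err, { isAdmin: false });
//   if (prompt) window.location.assign(buildAuthorizeUrl({ ...request, prompt }));
```

Retrying with an interactive prompt only when the error says interaction is needed keeps the silent path silent in the normal case and avoids looping the user through consent on every token call.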
