Base solution for your next web application
Starts in:
01 DAYS
01 HRS
01 MIN
01 SEC
Open Closed

Open connect Provider issue #12029


User avatar
0
Bernard created

Hi,

I'm trying OpenIconnect services but got this issue :

appsettings

"OpenId": { "IsEnabled": "true", "Authority": "https://login.microsoftonline.com/{tenant}/v2.0", "ClientId": "XXXXXXXX", "ClientSecret": "XXXXXXXX, "ValidateIssuer": "false", "ResponseType": "code", "ClaimsMapping": [ { "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "key": "http://schemas.microsoft.com/identity/claims/objectidentifier" } ]

i change also this method ` public virtual string GetUserNameFromClaims(List

  var emailClaim = claims.FirstOrDefault(c => c.Type == "unique_name");
  if (emailClaim != null)
  {
      return emailClaim.Value.ToMd5();
  }

  emailClaim = claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);

  if (emailClaim != null)
  {
      return emailClaim.Value;


      //return claims.First(c => c.Type == ClaimTypes.Email)?.Value;

  }

  throw new UserFriendlyException($"Both unique_name and {ClaimTypes.Email} claims are missing!");

}` Thks for help


3 Answer(s)
  • User Avatar
    0
    Bernard created

    Hi,

    After changing this value

    var emailClaim = claims.FirstOrDefault(c => c.Type == "unique_name"); to

    var emailClaim = claims.FirstOrDefault(c => c.Type == "preferred_username");

    Everything works well

    But i think we **must always **add the tenant subdomain manually to make the openconnectId work ?

    • wildcard is not allowed *
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @Bernard

    As far as I know, Azure AD doesn't support dynamic redirect URLs, so yes.

  • User Avatar
    0
    Bernard created

    Hi

    I see it support but you must change manifest and workaround security So I prefer keep manually

    Thanks