Hi,
I'm trying the OpenID Connect services but got this issue:
appsettings:

```json
"OpenId": {
  "IsEnabled": "true",
  "Authority": "https://login.microsoftonline.com/{tenant}/v2.0",
  "ClientId": "XXXXXXXX",
  "ClientSecret": "XXXXXXXX",
  "ValidateIssuer": "false",
  "ResponseType": "code",
  "ClaimsMapping": [
    {
      "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
    }
  ]
}
```
I also changed this method:

```csharp
// Requires: using System.Linq; using System.Security.Claims;
public virtual string GetUserNameFromClaims(List<Claim> claims)
{
    // Prefer the unique_name claim; its MD5 hash is used as the user name.
    var emailClaim = claims.FirstOrDefault(c => c.Type == "unique_name");
    if (emailClaim != null)
    {
        return emailClaim.Value.ToMd5();
    }

    // Otherwise fall back to the standard e-mail claim.
    emailClaim = claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
    if (emailClaim != null)
    {
        return emailClaim.Value;
        //return claims.First(c => c.Type == ClaimTypes.Email)?.Value;
    }

    throw new UserFriendlyException($"Both unique_name and {ClaimTypes.Email} claims are missing!");
}
```

Thanks for the help.
3 Answer(s)
-
0
Hi,
After changing this value

`var emailClaim = claims.FirstOrDefault(c => c.Type == "unique_name");`

to

`var emailClaim = claims.FirstOrDefault(c => c.Type == "preferred_username");`

But I think we **must always** add the tenant subdomain manually to make OpenID Connect work?
-
0
Hi @Bernard
As far as I know, Azure AD doesn't support dynamic redirect URLs, so yes.
-
0
Hi
I see it is supported, but you must change the manifest and work around security, so I prefer to keep it manual.
Thanks