
Azure audience validation error when using ADFS #3020


terry bentley created

I am trying to add Azure Active Directory federated service (ADFS) to my application. I have created the Azure Active Directory, defined and configured the application, and done the necessary configuring in Azure.

I added the following to the web.config appSettings:

    <add key="ExternalAuth.WsFederation.IsEnabled" value="true" />
    <add key="ExternalAuth.WsFederation.MetaDataAddress" value="https://login.windows.net/9c0ca03c-e4f9-4120-87c0-xxxxxxxxxxxx/FederationMetadata/2007-06/FederationMetadata.xml" />
    <add key="ExternalAuth.WsFederation.Wtrealm" value="2dbbdc18-2b40-4654-9f3c-xxxxxxxxxxxx" />

When I click on the ADFS button to login, I get an error: IDX10214: Audience validation failed. Audiences: 'spn:2dbbdc18-2b40-4654-9f3c-xxxxxxxxxxxx'. Did not match: validationParameters.ValidAudience: '2dbbdc18-2b40-4654-9f3c-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'

This error occurs whether I use the localhost application or deploy it to Azure and run it from there.

I have reviewed the various ASP.NET forum posts that refer to ADFS and Active Directory, but nothing seems to point to the above error or where it might be originating from. Can someone enlighten me as to where I must have missed or misconfigured something?

Thanks... Terry
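
The mismatch reported in the error above, reproduced as an added example (not code from this thread or from the project): the audience check compares strings as they are, so a token issued for `spn:<id>` fails against a `ValidAudience` of `<id>`. It assumes the Microsoft.IdentityModel.Tokens NuGet package; `AudienceCheckDemo` and `Accepts` are hypothetical names, the GUID is the redacted placeholder from the post, and listing the `spn:` form as a valid audience is an assumed fix, not one confirmed in the thread.

```csharp
using System;
using Microsoft.IdentityModel.Tokens;

// Added illustration; AudienceCheckDemo and Accepts are hypothetical names.
static class AudienceCheckDemo
{
    // Redacted placeholder values exactly as they appear in the post.
    const string Wtrealm = "2dbbdc18-2b40-4654-9f3c-xxxxxxxxxxxx";
    const string TokenAudience = "spn:" + Wtrealm;

    // Runs the library's audience check and reports whether it passed.
    static bool Accepts(TokenValidationParameters p, string audience)
    {
        try
        {
            // The token argument is only passed through to custom validators.
            Validators.ValidateAudience(new[] { audience }, null, p);
            return true;
        }
        catch (SecurityTokenInvalidAudienceException)
        {
            return false; // the "Audience validation failed" case
        }
    }

    static void Main()
    {
        // Situation in the post: only the bare Wtrealm GUID is accepted.
        var asPosted = new TokenValidationParameters { ValidAudience = Wtrealm };

        // Assumed fix: also list the spn: form the token actually carries.
        var withSpn = new TokenValidationParameters
        {
            ValidAudiences = new[] { Wtrealm, TokenAudience }
        };

        Console.WriteLine($"as posted, spn token: {Accepts(asPosted, TokenAudience)}");
        Console.WriteLine($"spn listed, spn token: {Accepts(withSpn, TokenAudience)}");

        // A token minted for another application must still be rejected;
        // setting ValidateAudience = false would give that protection up.
        const string other = "spn:00000000-0000-0000-0000-000000000000"; // constructed
        Console.WriteLine($"spn listed, other app: {Accepts(withSpn, other)}");
    }
}
```

In an OWIN WS-Federation setup the same parameters object is exposed as `WsFederationAuthenticationOptions.TokenValidationParameters`.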


3 Answer(s)
  • ismcagdas created
    Support Team

    Hi,

    Have you figured it out? When we implemented this feature, it worked for us with Azure AD, but I don't remember very well how I configured our account.

  • terry bentley created

    Since I couldn't get the ADFS working, I switched over to seeing whether I could use OpenId instead to access the Azure Active Directory. I have been able to sign on with OpenId, but only if I manually put a record in the AbpUserLogins table (it was empty).

    How is the AbpUserLogins table maintained?

    Thanks... Terry

  • hikalkan created
    Support Team

    UserLogins are added in AccountController normally. You can search for "new UserLogin" text in your code to find where a UserLogin object is created.