
Office365 - Azure AD Login not working #9214


enerjisauretim created

Hi there,

Today I upgraded to the latest version of the aspnetzero framework, to enable Office365 login support for our corporate Azure Active Directory domain. However, it is not working. I have searched a lot, but it seems I have to rewrite the MSAL.js usage in order to make it working accordingly.

Could you please take a look to our configuration? Here is the configuration file for OpenID:

```json
"OpenId": {
  "IsEnabled": "true",
  "ClientId": "a6f3e01c-5eeb-4cce-8fce-e8df964152f2",
  "Authority": "https://login.microsoftonline.com/a730caa6-12ef-4586-9f28-6cfc59c76a6a/",
  "LoginUrl": "https://login.microsoftonline.com/",
  "ValidateIssuer": "true",
  "ClaimsMapping": [
    {
      "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
      "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
    }
  ]
},
```

From the Azure Portal, I created an app registration and took the client id (a6f...) and tenant id (a730...). The button is visible, **but after any successful login, it redirects me to office.com** instead of my application. I first tried on localhost, then on our test address. Neither of them is working.


3 Answer(s)
  • robert created
    Support Team

    Hi enerjisauretim ,

    1. Firstly, you need to provide a valid RedirectUri in the app registration you created on Azure AD. An example of a valid RedirectUri would be:

    http://localhost:4200/account/login

    2. Also, in the login.service.ts file, make sure that the above RedirectUri is set in the method getOpenIdConnectConfig().
    3. It's important to redirect the user to this /account/login route first.
  • enerjisauretim created

    I found the problem; it resides in the fact that OpenIdConnectAuthProviderApi needs two claims to be properly set, one for the user's full name and the other for the email address. However, there are lots of bugs in that provider, such as:

    ```csharp
    // Decompiled fragment of the provider; the defects described below are left as found.
    Claim claim1 = validateTokenResult.Principal.Claims.FirstOrDefault<Claim>((Func<Claim, bool>) (c => c.Type == "name"));
    if (claim1 == null)
      throw new UserFriendlyException("name claim is missing !");
    // First() instead of FirstOrDefault(): a missing claim throws "Sequence contains no elements"
    Claim claim2 = validateTokenResult.Principal.Claims.First<Claim>((Func<Claim, bool>) (c => c.Type == "unique_name"));
    // checks claim1 a second time instead of claim2
    if (claim1 == null)
      throw new UserFriendlyException("unique_name claim is missing !");
    string[] strArray = claim1.Value.Split(' ', StringSplitOptions.None);
    return new ExternalAuthUserInfo()
    {
      Provider = "OpenIdConnect",
      ProviderKey = validateTokenResult.Token.Subject,
      Name = strArray[0],
      Surname = strArray.Length > 1 ? strArray[1] : strArray[0],
      EmailAddress = claim2.Value
    };
    ```
    

    claim1 is for the user's full name and claim2 is for the email address. When the email address claim is not found, a "Sequence contains no elements" exception is thrown instead of a UserFriendlyException. We spent 3 whole days configuring it according to Azure AD B2B OpenId authentication. You must improve the documentation for us to understand where we can get the authority, login url and other relevant parameters.

    Final configuration is shown below:

        "OpenId": {
          "IsEnabled": "true",
          "ClientId": "{clientid}",
          "TenantId": "{tenantid}",
          "Authority": "https://login.microsoftonline.com/{tenantid}/v2.0",
          "LoginUrl": "https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",
          "ValidateIssuer": "false",
          "ClaimsMapping": [
            {
              "claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
              "key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
            },
            {
              "claim" : "unique_name",
              "key": "preferred_username"
            }
          ]
        },
    
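A hardened version of the claim-extraction logic discussed in this answer, added here as an illustration and not ASP.NET Zero's own code: it applies the ClaimsMapping entries from the configuration (for example unique_name read from preferred_username), uses a null-safe lookup so a missing claim raises a UserFriendlyException that names the claim instead of "Sequence contains no elements", and checks the claim it just looked up rather than an earlier one. The UserFriendlyException and ExternalAuthUserInfo stand-ins and the OpenIdClaimsReader class name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Minimal stand-ins for the framework types named in the thread so this file
// compiles on its own (assumption: the real ones live in Abp / AspNetZero).
public class UserFriendlyException : Exception { public UserFriendlyException(string m) : base(m) { } }
public class ExternalAuthUserInfo { public string Provider, ProviderKey, Name, Surname, EmailAddress; }

public static class OpenIdClaimsReader
{
    // `mapping` mirrors the "ClaimsMapping" config above: when the provider needs
    // `claim`, read it from the token claim named `key`, e.g.
    // { "unique_name" => "preferred_username" } for Azure AD v2.0 tokens.
    private static string RequireClaim(ClaimsPrincipal principal, string claimType,
        IReadOnlyDictionary<string, string> mapping)
    {
        var tokenClaim = mapping.TryGetValue(claimType, out var key) ? key : claimType;
        // Null-safe lookup (FindFirst behaves like FirstOrDefault), then fall back to the unmapped name.
        var claim = principal.FindFirst(tokenClaim) ?? principal.FindFirst(claimType);
        // Check the claim we just looked up, not an earlier one, and say which one is missing.
        if (claim == null || string.IsNullOrWhiteSpace(claim.Value))
            throw new UserFriendlyException(
                $"Required claim '{claimType}' (token claim '{tokenClaim}') is missing from the ID token.");
        return claim.Value;
    }

    // `subject` is the token's "sub" value, which the provider above uses as ProviderKey.
    public static ExternalAuthUserInfo ToUserInfo(string subject, ClaimsPrincipal principal,
        IReadOnlyDictionary<string, string> mapping)
    {
        var fullName = RequireClaim(principal, "name", mapping);
        var email = RequireClaim(principal, "unique_name", mapping);
        // Split defensively: "John  Smith" (double space) or a single-word name must not crash.
        var parts = fullName.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        return new ExternalAuthUserInfo
        {
            Provider = "OpenIdConnect",
            ProviderKey = subject,
            Name = parts[0],
            // Last token as surname (the original takes the second token; this also copes with middle names).
            Surname = parts.Length > 1 ? parts[parts.Length - 1] : parts[0],
            EmailAddress = email
        };
    }
}
```

Note that Azure AD's preferred_username is mutable and is not guaranteed to be a verified e-mail address, so it should not by itself drive authorization decisions.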
  • ismcagdas created
    Support Team

    Hi @enerjisauretim,

    > You must improve documentation for us to understand where we can get authority, login url and other relevant parameters.

    Those are OpenID specific parameters and must be provided by your OpenId provider.

    1. The latest version of Abp.AspNetZeroCore.Web must throw a UserFriendlyException. Are you using an older version?
    2. So, did you manage to make it work? If not, could you share the error message you are getting?

    Thanks,