CORS preflight request responds with 302 redirect in Azure hosted Web API
angularjs,azure,asp.net-web-api,cors,adal
Solved (sort of) This appears to have been caused by deployment issues, specifically how I initially published the applications to Azure. Both apps were originally written using Windows Authentication and were deployed to a standard (i.e. non-Azure) web server. Using these technologies the apps worked as expected. Per new business...
Single sign on single native client windows phone using ADAL
windows-phone-8.1,single-sign-on,adal
ADAL on Windows Phone does not use a WebView. It uses the WebAuthenticationBroker (WAB), a system API specifically designed to keep the cookie jar used during authentication isolated form the app itself. That prevents apps from using cookies to silently access protected resources without the user knowledge, while at the...
Office 365 Rest Api Having issues getting access token
asp.net,azure,office365,adal,outlook-restapi
Based on the errors you're seeing, there seems to be an issue with how your app is registered. The first error usually happens when the app is not marked as multi-tenant, and you login to the app with a tenant other than the one where the app is registered. The...
ADAL - Error calling AuthenticationContext in javascript app
I have solved the problem. I had recently updated VS2013 to update 4, that could have been part of the problem. After some reading I tried updating again, in this case to Update 5RC, and that did the trick. Now it works. Thks...
Angularjs doesn't authenticate with Azure Active Directory
angularjs,authentication,azure,adal
The error was in the adal.js library when the token which didn't decode correctly utf-8 characters. An updated version of the library with the bug fix will be available soon....
ADFS connection in Xamarin studio
if you use the latest ADAL preview (http://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/3.0.110281957-alpha) and the latest ADFS you should be able to obtain ADFS tokens from your Xamarin applications. The sample https://github.com/AzureADSamples/NativeClient-MultiTarget-DotNet should be adaptable to go against ADFS. For ADFS specific settings see https://msdn.microsoft.com/en-us/library/dn633593.aspx - it's a it old, the ADFS side instructions should...
ADAL JavaScript: Adding additional claims (ADAL JS)
You can use the TokenValidationParamenters. See ValidateToken or TokenValidationParameters.CreateClaimsIdentity
Authenticate against an Azure Mobile Service App with ADAL.js acquired token
c#,azure,mobile,azure-mobile-services,adal
Ok, i found my bug: endpoints: { '<AMS app client id>': 'https://ampapp.azure-mobile.net/' } This should be endpoints: { 'https://ampapp.azure-mobile.net/': '<AMS app id uri>': } After this it works! I'm goind to publish a Angular modul to github which injects the token in the X-Auth-User header to every request like adal.js...
Getting Roles for Group Membership Azure AD
azure,single-sign-on,azure-active-directory,adal
Nikhil, thanks for reporting this. We've identified the issue and are working on a fix - I shall update the thread as soon as it rolls out.
Azure ADAL Refresh id_token
owin,azure-active-directory,openid-connect,adal
In general you cannot use a refresh_token to renew an id_token because an id_token represents user authentication, information that cannot be refreshed without the user present. The way to refresh an id_token is described in the Session Management draft of OpenID Connect (http://openid.net/specs/openid-connect-session-1_0.html) i.e. by sending the user (agent) off...
Azure AD authentication with Institutional and Microsoft accounts
My team owns the sign-in UX for Azure AD. The fact that the AAD login page recognizes domains like outlook.com and redirects users to the Microsoft account (Live ID) login page is a happenstance. It doesn’t work for all consumer domains, and it must not be relied on to enable...
ADAL: W8.1 app trying to log user out
azure,windows-8.1,azure-active-directory,adal
The actual user session is determined by two different components: the token cache (under ADAL's control) and any session tracking cookies that might be present in the system (not under ADAL's control). As you point out, you can easily take care of the token cache part. However the logic you...
ADAL 3.2 alpha AcquireTokenAsync iOS does not dismiss sign in form
I finally had some more time to work on this. It seems that the newer version of the ADAL component does not like captial letters in the redirect URI. The previous versions had no trouble with this, but apparently this one does. So using only lower case characters in the...
Active Directory Authentication for java application with Oauth2 client credential grant produces “unauthorized_client” error
java,azure,oauth-2.0,office365,adal
commons-codec version needed to be updated from 1.4 to 1.5 to make the encoding work correctly. http://commons.apache.org/proper/commons-codec/changes-report.html#a1.5 EDIT FROM ERIC I finally managed to retrieve an access token by upgrading my common-codecs artifact from 1.4 (with which it was not working) to 1.5 . We got thinking of the common-codecs...
ADALiOS:Cannot add a new item in the keychain / O365-iOS-Connect-Swift
You need to enable keychain sharing and add com.microsoft.adalcache to your app entitlements.
Using Office-365-SDK-for-iOS
ios,azure,xcode6,office365,adal
What type of account are you logging onto the Azure management portal with? Does it have access to Exchange Online? My guess is your Office 365 subscription doesn't include Exchange or SharePoint, so you don't see them there. It looks like you're trying to use the Unified API though. In...
How to correctly send a PATCH request
I think your problem is this line: HttpResponseMessage hrm = await hc.GetAsync(new Uri(requestUrl)); This sends an HTTP GET request to the URL that you supply, which in this case references the user "[email protected]". That is why you are seeing all the properties of the user returned in the response. I...
Retrieve a user group membership from Azure AD for RBAC
c#,azure,asp.net-web-api,rbac,adal
you no longer need to query the graph for getting group info, we have a new feature that will deliver those in the token. See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/
How can I get the JWT access_token after loging in with ADAL.js?
If you want to retrieve cached tokens programmatically, see AuthenticationContext.prototype.getCachedToken from https://github.com/AzureAD/azure-activedirectory-library-for-js/blob/master/lib/adal.js. All the tokens issued by Azure AD are JWT tokens.
Authenticate SignalR call through ADAL JS
you can supply token on query parameter as suggested in https://auth0.com/blog/2014/01/15/auth-with-socket-io/ and then process token on your backend
Azure AD: revoke authorization code?
The authorization code is single use. There is no revocation for it, however it is valid for a very short time -if not redeemed right away, it won't work. The access token it itself cannot be revoked - the consumer does not consult AAD to validate it. However it has...
Azure ADAL AcquireToken from different tenantId
Tokens only work within the boundaries of their own tenant - there is no easy way of doing it today. The only way I can think of is using a hidden frame for requesting the token you want - if the user for the other tenant has an active session...
Adal.js not triggering the authentication
javascript,angularjs,azure,azure-active-directory,adal
Your issue: I think you have an issue with the link. Your link should be like this:http://localhost:8081/test-ui#/dashboard <a href="#/home">Home</a> <a href="#/todoList">ToDo List</a> <a href="#/contactList">Contact List</a> Adal.Js uses requireADLogin keyword to interrupt the route change event. If you don't see any redirection, it could be related to the routechange event not...
ADAL user consent triggered even when admin has already consented
c#,azure,console-application,azure-active-directory,adal
Your test app is a native client. In OAuth terms it is a public client. Those terms apply to any client that does not have a client secret or certificate credential of its own. The admin consent feature does not apply to native clients and only works for web applications....
Custom Authorize Attribute on asp.net mvc
c#,asp.net,asp.net-mvc,azure,adal
Esteban, you seem to have missed setting the role claim type in your ConfigureAuth implementation. Please see line 55 of the sample: https://github.com/dushyantgill/VipSwapper/blob/master/TrainingPoint/App_Start/Startup.Auth.cs#L55. Once you do that User.IsInRole() and Authorize attribute will work properly. Regd the implementation of the custom Authorize attribute - ASP.net has a bug where it returns...
ADAL for Windows Phone 8.1 Problems
c#,azure,windows-phone-8.1,adal
ADAL uses the WebAUthenticationBroker (WAB) for displaying its prompts. The WAB in Windows Phone 8.1 will not show up until the entire UX of the app has been loaded, hence your current method location won't work - at least until the WAB behavior doesn't change. Please see Authentication failed with...
ADAL JavaScript support for on premise ADFS (ADAL JS)
this is currently not supported. ADFS does not support the oauth2 implicit grant, which is at the heart of the scenario
Read file using Office 365 SDK for iOS
This is pretty straightforward -- here's some code that will get you exactly what you want. Note that you have to replace "myId" with the ID of the file you want to get the data of. This code snippet below will encode the data in UTF8 and print it as...
'authority' should be in Uri format Parameter name: authority
c#,asp.net-mvc,azure,azure-active-directory,adal
You need to pass Authority to AuthenticationContext() instead of aadInstance: // Instantiate an AuthenticationContext for my directory (see authString above). AuthenticationContext authenticationContext = new AuthenticationContext(authority, false); ...
ADAL js does not work in IE when acquiring token for remote endpoint
Adal.js uses iframes to get CORS API tokens for resources other than the SPA's own backend. Iframe request needs to access the browser's cookies to authenticate with AAD and get the access token. Cookies are not accessible when you run in localhost from IE. You need fully qualified domain name...
Angular JS App shows blank screen
javascript,html,angularjs,adal
I think you are using ui-view instead of ng-view. Try to use ng-view instead of ui-view. If you're going to use ui-view inject ui-router not ngRoute. ng-view and $routeProvider is used when you injected ngRoute. and ui-view and $stateProvider is used when you injected ui.router I hope it makes sense....
Authentication Context error intent is not resolved
Error is actually asking you to put activity in your manifest file. You can see the details at https://github.com/AzureAD/azure-activedirectory-library-for-android/blob/master/README.md You need to have activity in your manifest: <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/ic_launcher" android:label="@string/app_name"...
adal javascript windows store app token
javascript,asp.net-web-api,windows-store-apps,adal
The library version you are using is ancient and not supported. Also, cookies play no part in the api communications. I recommend switching to the latest stable ADAL. Windows Store sample using ADAL: https://github.com/AzureADSamples/NativeClient-WindowsStore
How to dismiss ADAuthentication web view controller programmatically?
You should call ADAuthenticationBroker->cancel to make sure all the locks are released correctly.
Skip “login.windows.net” and redirect to federated ADFS
single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps
http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ In OAuth2 and OpenId Connect you do so by passing the target domain in the “domain_hint” parameter. In ADAL you can pass it via the following: AuthenticationResult ar = ac.AcquireToken("https://developertenant.onmicrosoft.com/WebUXplusAPI", "71aefb3b-9218-4dea-91f2-8b23ce93f387", new Uri("http://any"), PromptBehavior.Always, UserIdentifier.AnyUser, "domain_hint=mydomain.com"); In the OWIN middleware for OpenId Connect you can do the same in...
Plugging a custom service to UI Route
javascript,angularjs,azure,adal,adal.js
I'm not familiar specifically with ADAL.js, but assuming you can say to the server, "does this user have any of these roles" in a http request, then you could intercept the $stateChangeStart, prevent the state change by calling event.preventDefault(), ask the server if the current user is in any of...
Authorization in Cloud Applications using AD Groups issue with new group
c#,asp.net,asp.net-mvc,asp.net-mvc-3,adal
The most important part of the answer due that bluefeet moderator and martij Pieters moderators deleted my answer is here on the owin pipeline var groups = GraphUtil.GetMemberGroups(context.AuthenticationTicket.Identity).Result; //For each group, we have its, ID, we need to get the display name, and then we have to add the claim...
Create Azure AD ClientCredentials Key from PowerShell
powershell,azure,azure-active-directory,adal
Please try using Password as the key type: New-MsolServicePrincipalCredential -AppPrincipalId $appId ` -Type Password ` -StartDate ([DateTime]::Now.AddMinutes(-5)) ` -EndDate ([DateTime]::Now.AddMonths(1)) ` -Value "$newPassword" Hope this helps...
Integrating Azure AD applications into Office 365 App Launcher
ms-office,owin,office365,azure-active-directory,adal
This was recently fixed to use the sign on url of the web application rather that the reply address. Can you try that please and let us know if this now works for you? Thanks...
How do I secure an Azure Mobile Service with Azure AD? ADAL.JS
azure,azure-mobile-services,azure-active-directory,adal
In Mobile Service Identity configuration, for Azure AD as you ask, following parameters are requested App URL Client ID Allowed Tenants Package SID is related to MSA account authentication. Azure AD is last at the bottom. Refer to: Register your apps to use an Azure Active Directory Account login In...
ADAL for Android - What is the correct way to handle errors?
Exceptions are used to report on errors encountered within the ADAL client code. Error code helps to identify issues such as missing app permission for internet, connection issue, invalid redirectUri format. It also helps for common issues such as SSL handshake. The AuthenticationResult is where errors returned from the server,...
How to get a token with a specific group claim from azure-active-directory
azure,oauth,jwt,azure-active-directory,adal
As of today there is no way for AAD to send a subset of the user's group. A possible trick would be to define a role for your app, and then assign that group to the role. In that case you'll see the role in the token only if the...
Getting username and group info from Azure using adal4j
azure,active-directory,azure-active-directory,adal
First, you're absolutely right, adal4j was failing to return UserInfo. The reason for this was that the token request did not include the scope=openid parameter, which is required if the caller wants an id_token in the response. I opened an issue, and it has already been resolved. So, an updated...