You need to enable keychain sharing and add com.microsoft.adalcache to your app entitlements.
c#,asp.net-mvc,azure,azure-active-directory,adal
You need to pass Authority to AuthenticationContext() instead of aadInstance:
    // Instantiate an AuthenticationContext for my directory (see authString above).
    AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
    ...
If you want to retrieve cached tokens programmatically, see AuthenticationContext.prototype.getCachedToken from https://github.com/AzureAD/azure-activedirectory-library-for-js/blob/master/lib/adal.js. All the tokens issued by Azure AD are JWT tokens.
ms-office,owin,office365,azure-active-directory,adal
This was recently fixed to use the sign on url of the web application rather than the reply address. Can you try that please and let us know if this now works for you? Thanks...
c#,azure,windows-phone-8.1,adal
ADAL uses the WebAuthenticationBroker (WAB) for displaying its prompts. The WAB in Windows Phone 8.1 will not show up until the entire UX of the app has been loaded, hence your current method location won't work - at least until the WAB behavior doesn't change. Please see Authentication failed with...
angularjs,azure,asp.net-web-api,cors,adal
Solved (sort of) This appears to have been caused by deployment issues, specifically how I initially published the applications to Azure. Both apps were originally written using Windows Authentication and were deployed to a standard (i.e. non-Azure) web server. Using these technologies the apps worked as expected. Per new business...
javascript,html,angularjs,adal
I think you are using ui-view instead of ng-view. Try to use ng-view instead of ui-view. If you're going to use ui-view, inject ui-router, not ngRoute. ng-view and $routeProvider are used when you have injected ngRoute, and ui-view and $stateProvider are used when you have injected ui.router. I hope it makes sense....
c#,asp.net,asp.net-mvc,asp.net-mvc-3,adal
The most important part of the answer due that bluefeet moderator and martij Pieters moderators deleted my answer is here on the owin pipeline var groups = GraphUtil.GetMemberGroups(context.AuthenticationTicket.Identity).Result; //For each group, we have its, ID, we need to get the display name, and then we have to add the claim...
If you use the latest ADAL preview (http://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/3.0.110281957-alpha) and the latest ADFS you should be able to obtain ADFS tokens from your Xamarin applications. The sample https://github.com/AzureADSamples/NativeClient-MultiTarget-DotNet should be adaptable to go against ADFS. For ADFS specific settings see https://msdn.microsoft.com/en-us/library/dn633593.aspx - it's a bit old, the ADFS side instructions should...
javascript,asp.net-web-api,windows-store-apps,adal
The library version you are using is ancient and not supported. Also, cookies play no part in the api communications. I recommend switching to the latest stable ADAL. Windows Store sample using ADAL: https://github.com/AzureADSamples/NativeClient-WindowsStore
javascript,angularjs,azure,azure-active-directory,adal
Your issue: I think you have an issue with the link. Your link should be like this: http://localhost:8081/test-ui#/dashboard <a href="#/home">Home</a> <a href="#/todoList">ToDo List</a> <a href="#/contactList">Contact List</a> Adal.Js uses requireADLogin keyword to interrupt the route change event. If you don't see any redirection, it could be related to the routechange event not...
azure,windows-8.1,azure-active-directory,adal
The actual user session is determined by two different components: the token cache (under ADAL's control) and any session tracking cookies that might be present in the system (not under ADAL's control). As you point out, you can easily take care of the token cache part. However the logic you...
c#,azure,console-application,azure-active-directory,adal
Your test app is a native client. In OAuth terms it is a public client. Those terms apply to any client that does not have a client secret or certificate credential of its own. The admin consent feature does not apply to native clients and only works for web applications....
I have solved the problem. I had recently updated VS2013 to Update 4, that could have been part of the problem. After some reading I tried updating again, in this case to Update 5RC, and that did the trick. Now it works. Thanks...
azure,azure-mobile-services,azure-active-directory,adal
In Mobile Service Identity configuration, for Azure AD as you ask, the following parameters are requested: App URL, Client ID, Allowed Tenants. Package SID is related to MSA account authentication. Azure AD is last at the bottom. Refer to: Register your apps to use an Azure Active Directory Account login In...
ios,azure,xcode6,office365,adal
What type of account are you logging onto the Azure management portal with? Does it have access to Exchange Online? My guess is your Office 365 subscription doesn't include Exchange or SharePoint, so you don't see them there. It looks like you're trying to use the Unified API though. In...
azure,single-sign-on,azure-active-directory,adal
Nikhil, thanks for reporting this. We've identified the issue and are working on a fix - I shall update the thread as soon as it rolls out.
single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps
http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ In OAuth2 and OpenId Connect you do so by passing the target domain in the “domain_hint” parameter. In ADAL you can pass it via the following: AuthenticationResult ar = ac.AcquireToken("https://developertenant.onmicrosoft.com/WebUXplusAPI", "71aefb3b-9218-4dea-91f2-8b23ce93f387", new Uri("http://any"), PromptBehavior.Always, UserIdentifier.AnyUser, "domain_hint=mydomain.com"); In the OWIN middleware for OpenId Connect you can do the same in...
azure,active-directory,azure-active-directory,adal
First, you're absolutely right, adal4j was failing to return UserInfo. The reason for this was that the token request did not include the scope=openid parameter, which is required if the caller wants an id_token in the response. I opened an issue, and it has already been resolved. So, an updated...
I think your problem is this line: HttpResponseMessage hrm = await hc.GetAsync(new Uri(requestUrl)); This sends an HTTP GET request to the URL that you supply, which in this case references the user "[email protected]". That is why you are seeing all the properties of the user returned in the response. I...
windows-phone-8.1,single-sign-on,adal
ADAL on Windows Phone does not use a WebView. It uses the WebAuthenticationBroker (WAB), a system API specifically designed to keep the cookie jar used during authentication isolated from the app itself. That prevents apps from using cookies to silently access protected resources without the user's knowledge, while at the...
My team owns the sign-in UX for Azure AD. The fact that the AAD login page recognizes domains like outlook.com and redirects users to the Microsoft account (Live ID) login page is a happenstance. It doesn’t work for all consumer domains, and it must not be relied on to enable...
c#,azure,asp.net-web-api,rbac,adal
You no longer need to query the graph for getting group info, we have a new feature that will deliver those in the token. See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/
asp.net,azure,office365,adal,outlook-restapi
Based on the errors you're seeing, there seems to be an issue with how your app is registered. The first error usually happens when the app is not marked as multi-tenant, and you log in to the app with a tenant other than the one where the app is registered. The...
This is pretty straightforward -- here's some code that will get you exactly what you want. Note that you have to replace "myId" with the ID of the file you want to get the data of. This code snippet below will encode the data in UTF8 and print it as...
azure,oauth,jwt,azure-active-directory,adal
As of today there is no way for AAD to send a subset of the user's group. A possible trick would be to define a role for your app, and then assign that group to the role. In that case you'll see the role in the token only if the...
Exceptions are used to report on errors encountered within the ADAL client code. Error code helps to identify issues such as missing app permission for internet, connection issue, invalid redirectUri format. It also helps for common issues such as SSL handshake. The AuthenticationResult is where errors returned from the server,...
I finally had some more time to work on this. It seems that the newer version of the ADAL component does not like capital letters in the redirect URI. The previous versions had no trouble with this, but apparently this one does. So using only lower case characters in the...
Error is actually asking you to put activity in your manifest file. You can see the details at https://github.com/AzureAD/azure-activedirectory-library-for-android/blob/master/README.md You need to have activity in your manifest: <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/ic_launcher" android:label="@string/app_name"...
c#,azure,mobile,azure-mobile-services,adal
Ok, I found my bug: endpoints: { '<AMS app client id>': 'https://ampapp.azure-mobile.net/' } This should be endpoints: { 'https://ampapp.azure-mobile.net/': '<AMS app id uri>' } After this it works! I'm going to publish an Angular module to github which injects the token in the X-Auth-User header to every request like adal.js...
owin,azure-active-directory,openid-connect,adal
In general you cannot use a refresh_token to renew an id_token because an id_token represents user authentication, information that cannot be refreshed without the user present. The way to refresh an id_token is described in the Session Management draft of OpenID Connect (http://openid.net/specs/openid-connect-session-1_0.html) i.e. by sending the user (agent) off...
Adal.js uses iframes to get CORS API tokens for resources other than the SPA's own backend. Iframe request needs to access the browser's cookies to authenticate with AAD and get the access token. Cookies are not accessible when you run in localhost from IE. You need fully qualified domain name...
powershell,azure,azure-active-directory,adal
Please try using Password as the key type:
    New-MsolServicePrincipalCredential -AppPrincipalId $appId `
        -Type Password `
        -StartDate ([DateTime]::Now.AddMinutes(-5)) `
        -EndDate ([DateTime]::Now.AddMonths(1)) `
        -Value "$newPassword"
Hope this helps...
Tokens only work within the boundaries of their own tenant - there is no easy way of doing it today. The only way I can think of is using a hidden frame for requesting the token you want - if the user for the other tenant has an active session...
c#,asp.net,asp.net-mvc,azure,adal
Esteban, you seem to have missed setting the role claim type in your ConfigureAuth implementation. Please see line 55 of the sample: https://github.com/dushyantgill/VipSwapper/blob/master/TrainingPoint/App_Start/Startup.Auth.cs#L55. Once you do that User.IsInRole() and Authorize attribute will work properly. Regd the implementation of the custom Authorize attribute - ASP.net has a bug where it returns...
javascript,angularjs,azure,adal,adal.js
I'm not familiar specifically with ADAL.js, but assuming you can say to the server, "does this user have any of these roles" in a http request, then you could intercept the $stateChangeStart, prevent the state change by calling event.preventDefault(), ask the server if the current user is in any of...
The authorization code is single use. There is no revocation for it, however it is valid for a very short time - if not redeemed right away, it won't work. The access token itself cannot be revoked - the consumer does not consult AAD to validate it. However it has...
You can use the TokenValidationParameters. See ValidateToken or TokenValidationParameters.CreateClaimsIdentity
This is currently not supported. ADFS does not support the oauth2 implicit grant, which is at the heart of the scenario
java,azure,oauth-2.0,office365,adal
commons-codec version needed to be updated from 1.4 to 1.5 to make the encoding work correctly. http://commons.apache.org/proper/commons-codec/changes-report.html#a1.5 EDIT FROM ERIC I finally managed to retrieve an access token by upgrading my common-codecs artifact from 1.4 (with which it was not working) to 1.5. We got thinking of the common-codecs...
You should call ADAuthenticationBroker->cancel to make sure all the locks are released correctly.
You can supply token on query parameter as suggested in https://auth0.com/blog/2014/01/15/auth-with-socket-io/ and then process token on your backend
angularjs,authentication,azure,adal
The error was in the adal.js library, which didn't correctly decode UTF-8 characters in the token. An updated version of the library with the bug fix will be available soon....