Menu
  • HOME
  • TAGS

ADALiOS:Cannot add a new item in the keychain / O365-iOS-Connect-Swift

ios,office365,adal

You need to enable keychain sharing and add com.microsoft.adalcache to your app entitlements.

'authority' should be in Uri format Parameter name: authority

c#,asp.net-mvc,azure,azure-active-directory,adal

You need to pass Authority to AuthenticationContext() instead of aadInstance: // Instantiate an AuthenticationContext for my directory (see authString above). AuthenticationContext authenticationContext = new AuthenticationContext(authority, false); ...

How can I get the JWT access_token after loging in with ADAL.js?

adal

If you want to retrieve cached tokens programmatically, see AuthenticationContext.prototype.getCachedToken from https://github.com/AzureAD/azure-activedirectory-library-for-js/blob/master/lib/adal.js. All the tokens issued by Azure AD are JWT tokens.

Integrating Azure AD applications into Office 365 App Launcher

ms-office,owin,office365,azure-active-directory,adal

This was recently fixed to use the sign on url of the web application rather that the reply address. Can you try that please and let us know if this now works for you? Thanks...

ADAL for Windows Phone 8.1 Problems

c#,azure,windows-phone-8.1,adal

ADAL uses the WebAUthenticationBroker (WAB) for displaying its prompts. The WAB in Windows Phone 8.1 will not show up until the entire UX of the app has been loaded, hence your current method location won't work - at least until the WAB behavior doesn't change. Please see Authentication failed with...

CORS preflight request responds with 302 redirect in Azure hosted Web API

angularjs,azure,asp.net-web-api,cors,adal

Solved (sort of) This appears to have been caused by deployment issues, specifically how I initially published the applications to Azure. Both apps were originally written using Windows Authentication and were deployed to a standard (i.e. non-Azure) web server. Using these technologies the apps worked as expected. Per new business...

Angular JS App shows blank screen

javascript,html,angularjs,adal

I think you are using ui-view instead of ng-view. Try to use ng-view instead of ui-view. If you're going to use ui-view inject ui-router not ngRoute. ng-view and $routeProvider is used when you injected ngRoute. and ui-view and $stateProvider is used when you injected ui.router I hope it makes sense....

Authorization in Cloud Applications using AD Groups issue with new group

c#,asp.net,asp.net-mvc,asp.net-mvc-3,adal

The most important part of the answer due that bluefeet moderator and martij Pieters moderators deleted my answer is here on the owin pipeline var groups = GraphUtil.GetMemberGroups(context.AuthenticationTicket.Identity).Result; //For each group, we have its, ID, we need to get the display name, and then we have to add the claim...

ADFS connection in Xamarin studio

xamarin,adfs,adal

if you use the latest ADAL preview (http://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/3.0.110281957-alpha) and the latest ADFS you should be able to obtain ADFS tokens from your Xamarin applications. The sample https://github.com/AzureADSamples/NativeClient-MultiTarget-DotNet should be adaptable to go against ADFS. For ADFS specific settings see https://msdn.microsoft.com/en-us/library/dn633593.aspx - it's a it old, the ADFS side instructions should...

adal javascript windows store app token

javascript,asp.net-web-api,windows-store-apps,adal

The library version you are using is ancient and not supported. Also, cookies play no part in the api communications. I recommend switching to the latest stable ADAL. Windows Store sample using ADAL: https://github.com/AzureADSamples/NativeClient-WindowsStore

Adal.js not triggering the authentication

javascript,angularjs,azure,azure-active-directory,adal

Your issue: I think you have an issue with the link. Your link should be like this:http://localhost:8081/test-ui#/dashboard <a href="#/home">Home</a> <a href="#/todoList">ToDo List</a> <a href="#/contactList">Contact List</a> Adal.Js uses requireADLogin keyword to interrupt the route change event. If you don't see any redirection, it could be related to the routechange event not...

ADAL: W8.1 app trying to log user out

azure,windows-8.1,azure-active-directory,adal

The actual user session is determined by two different components: the token cache (under ADAL's control) and any session tracking cookies that might be present in the system (not under ADAL's control). As you point out, you can easily take care of the token cache part. However the logic you...

ADAL user consent triggered even when admin has already consented

c#,azure,console-application,azure-active-directory,adal

Your test app is a native client. In OAuth terms it is a public client. Those terms apply to any client that does not have a client secret or certificate credential of its own. The admin consent feature does not apply to native clients and only works for web applications....

ADAL - Error calling AuthenticationContext in javascript app

javascript,azure,adal

I have solved the problem. I had recently updated VS2013 to update 4, that could have been part of the problem. After some reading I tried updating again, in this case to Update 5RC, and that did the trick. Now it works. Thks...

How do I secure an Azure Mobile Service with Azure AD? ADAL.JS

azure,azure-mobile-services,azure-active-directory,adal

In Mobile Service Identity configuration, for Azure AD as you ask, following parameters are requested App URL Client ID Allowed Tenants Package SID is related to MSA account authentication. Azure AD is last at the bottom. Refer to: Register your apps to use an Azure Active Directory Account login In...

Using Office-365-SDK-for-iOS

ios,azure,xcode6,office365,adal

What type of account are you logging onto the Azure management portal with? Does it have access to Exchange Online? My guess is your Office 365 subscription doesn't include Exchange or SharePoint, so you don't see them there. It looks like you're trying to use the Unified API though. In...

Getting Roles for Group Membership Azure AD

azure,single-sign-on,azure-active-directory,adal

Nikhil, thanks for reporting this. We've identified the issue and are working on a fix - I shall update the thread as soon as it rolls out.

Skip “login.windows.net” and redirect to federated ADFS

single-page-application,claims-based-identity,azure-active-directory,adal,office365-apps

http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ In OAuth2 and OpenId Connect you do so by passing the target domain in the “domain_hint” parameter. In ADAL you can pass it via the following: AuthenticationResult ar = ac.AcquireToken("https://developertenant.onmicrosoft.com/WebUXplusAPI", "71aefb3b-9218-4dea-91f2-8b23ce93f387", new Uri("http://any"), PromptBehavior.Always, UserIdentifier.AnyUser, "domain_hint=mydomain.com"); In the OWIN middleware for OpenId Connect you can do the same in...

Getting username and group info from Azure using adal4j

azure,active-directory,azure-active-directory,adal

First, you're absolutely right, adal4j was failing to return UserInfo. The reason for this was that the token request did not include the scope=openid parameter, which is required if the caller wants an id_token in the response. I opened an issue, and it has already been resolved. So, an updated...

How to correctly send a PATCH request

c#,rest,azure,adal

I think your problem is this line: HttpResponseMessage hrm = await hc.GetAsync(new Uri(requestUrl)); This sends an HTTP GET request to the URL that you supply, which in this case references the user "[email protected]". That is why you are seeing all the properties of the user returned in the response. I...

Single sign on single native client windows phone using ADAL

windows-phone-8.1,single-sign-on,adal

ADAL on Windows Phone does not use a WebView. It uses the WebAuthenticationBroker (WAB), a system API specifically designed to keep the cookie jar used during authentication isolated form the app itself. That prevents apps from using cookies to silently access protected resources without the user knowledge, while at the...

Azure AD authentication with Institutional and Microsoft accounts

adal

My team owns the sign-in UX for Azure AD. The fact that the AAD login page recognizes domains like outlook.com and redirects users to the Microsoft account (Live ID) login page is a happenstance. It doesn’t work for all consumer domains, and it must not be relied on to enable...

Retrieve a user group membership from Azure AD for RBAC

c#,azure,asp.net-web-api,rbac,adal

you no longer need to query the graph for getting group info, we have a new feature that will deliver those in the token. See http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/

Office 365 Rest Api Having issues getting access token

asp.net,azure,office365,adal,outlook-restapi

Based on the errors you're seeing, there seems to be an issue with how your app is registered. The first error usually happens when the app is not marked as multi-tenant, and you login to the app with a tenant other than the one where the app is registered. The...

Read file using Office 365 SDK for iOS

ios,office365,adal

This is pretty straightforward -- here's some code that will get you exactly what you want. Note that you have to replace "myId" with the ID of the file you want to get the data of. This code snippet below will encode the data in UTF8 and print it as...

How to get a token with a specific group claim from azure-active-directory

azure,oauth,jwt,azure-active-directory,adal

As of today there is no way for AAD to send a subset of the user's group. A possible trick would be to define a role for your app, and then assign that group to the role. In that case you'll see the role in the token only if the...

ADAL for Android - What is the correct way to handle errors?

android,error-handling,adal

Exceptions are used to report on errors encountered within the ADAL client code. Error code helps to identify issues such as missing app permission for internet, connection issue, invalid redirectUri format. It also helps for common issues such as SSL handshake. The AuthenticationResult is where errors returned from the server,...

ADAL 3.2 alpha AcquireTokenAsync iOS does not dismiss sign in form

xamarin.forms,adal

I finally had some more time to work on this. It seems that the newer version of the ADAL component does not like captial letters in the redirect URI. The previous versions had no trouble with this, but apparently this one does. So using only lower case characters in the...

Authentication Context error intent is not resolved

android,office365,adal

Error is actually asking you to put activity in your manifest file. You can see the details at https://github.com/AzureAD/azure-activedirectory-library-for-android/blob/master/README.md You need to have activity in your manifest: <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <application android:allowBackup="true" android:debuggable="true" android:icon="@drawable/ic_launcher" android:label="@string/app_name"...

Authenticate against an Azure Mobile Service App with ADAL.js acquired token

c#,azure,mobile,azure-mobile-services,adal

Ok, i found my bug: endpoints: { '<AMS app client id>': 'https://ampapp.azure-mobile.net/' } This should be endpoints: { 'https://ampapp.azure-mobile.net/': '<AMS app id uri>': } After this it works! I'm goind to publish a Angular modul to github which injects the token in the X-Auth-User header to every request like adal.js...

Azure ADAL Refresh id_token

owin,azure-active-directory,openid-connect,adal

In general you cannot use a refresh_token to renew an id_token because an id_token represents user authentication, information that cannot be refreshed without the user present. The way to refresh an id_token is described in the Session Management draft of OpenID Connect (http://openid.net/specs/openid-connect-session-1_0.html) i.e. by sending the user (agent) off...

ADAL js does not work in IE when acquiring token for remote endpoint

adal

Adal.js uses iframes to get CORS API tokens for resources other than the SPA's own backend. Iframe request needs to access the browser's cookies to authenticate with AAD and get the access token. Cookies are not accessible when you run in localhost from IE. You need fully qualified domain name...

Create Azure AD ClientCredentials Key from PowerShell

powershell,azure,azure-active-directory,adal

Please try using Password as the key type: New-MsolServicePrincipalCredential -AppPrincipalId $appId ` -Type Password ` -StartDate ([DateTime]::Now.AddMinutes(-5)) ` -EndDate ([DateTime]::Now.AddMonths(1)) ` -Value "$newPassword" Hope this helps...

Azure ADAL AcquireToken from different tenantId

authentication,azure,adal

Tokens only work within the boundaries of their own tenant - there is no easy way of doing it today. The only way I can think of is using a hidden frame for requesting the token you want - if the user for the other tenant has an active session...

Custom Authorize Attribute on asp.net mvc

c#,asp.net,asp.net-mvc,azure,adal

Esteban, you seem to have missed setting the role claim type in your ConfigureAuth implementation. Please see line 55 of the sample: https://github.com/dushyantgill/VipSwapper/blob/master/TrainingPoint/App_Start/Startup.Auth.cs#L55. Once you do that User.IsInRole() and Authorize attribute will work properly. Regd the implementation of the custom Authorize attribute - ASP.net has a bug where it returns...

Plugging a custom service to UI Route

javascript,angularjs,azure,adal,adal.js

I'm not familiar specifically with ADAL.js, but assuming you can say to the server, "does this user have any of these roles" in a http request, then you could intercept the $stateChangeStart, prevent the state change by calling event.preventDefault(), ask the server if the current user is in any of...

Azure AD: revoke authorization code?

adal

The authorization code is single use. There is no revocation for it, however it is valid for a very short time -if not redeemed right away, it won't work. The access token it itself cannot be revoked - the consumer does not consult AAD to validate it. However it has...

ADAL JavaScript: Adding additional claims (ADAL JS)

adal

You can use the TokenValidationParamenters. See ValidateToken or TokenValidationParameters.CreateClaimsIdentity

ADAL JavaScript support for on premise ADFS (ADAL JS)

adal

this is currently not supported. ADFS does not support the oauth2 implicit grant, which is at the heart of the scenario

Active Directory Authentication for java application with Oauth2 client credential grant produces “unauthorized_client” error

java,azure,oauth-2.0,office365,adal

commons-codec version needed to be updated from 1.4 to 1.5 to make the encoding work correctly. http://commons.apache.org/proper/commons-codec/changes-report.html#a1.5 EDIT FROM ERIC I finally managed to retrieve an access token by upgrading my common-codecs artifact from 1.4 (with which it was not working) to 1.5 . We got thinking of the common-codecs...

How to dismiss ADAuthentication web view controller programmatically?

adal

You should call ADAuthenticationBroker->cancel to make sure all the locks are released correctly.

Authenticate SignalR call through ADAL JS

angularjs,signalr,adal

you can supply token on query parameter as suggested in https://auth0.com/blog/2014/01/15/auth-with-socket-io/ and then process token on your backend

Angularjs doesn't authenticate with Azure Active Directory

angularjs,authentication,azure,adal

The error was in the adal.js library when the token which didn't decode correctly utf-8 characters. An updated version of the library with the bug fix will be available soon....