Azure AD Integration #2308 | Support

shobhit created 3 years ago

ABP Framework version: v4.2.2
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Exception message and stack trace:NA
Steps to reproduce the issue:"NA

We have to support Azure AD intergration per tenant. How we can achieve this? Does ABP has inbult support for Azure AD like LDAP?

12 Answer(s)

0

gvnuysal created 3 years ago

Hi @shobhit , According to the blog below, I was able to integrate Azure AD into my project. https://community.abp.io/articles/how-to-setup-azure-active-directory-and-integrate-abp-angular-application-lyk87w5l
0

maliming created 3 years ago
Support Team Fullstack Developer

Thanks @gvnuysal
0

shobhit created 3 years ago

Thanks a lot @gvnuysal, @maliming
0

shobhit created 3 years ago

Getting below error in log:

2021-12-21 13:40:29.501 +05:30 [INF] CORS policy execution failed. 2021-12-21 13:40:29.501 +05:30 [INF] Request origin https://login.microsoftonline.com does not have permission to access the resource. 2021-12-21 13:40:30.811 +05:30 [ERR] Message contains error: 'invalid_client', error_description: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 3b2ea9b0-9960-46a4-8c5b-8ceae36e1a00 Correlation ID: d1884fb2-ab78-4e7a-8c35-cc9d54aee141 Timestamp: 2021-12-21 08:10:58Z', error_uri: 'https://login.microsoftonline.com/error?code=7000218', status code '401'. 2021-12-21 13:40:30.812 +05:30 [ERR] Exception occurred while processing message. Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 3b2ea9b0-9960-46a4-8c5b-8ceae36e1a00 Correlation ID: d1884fb2-ab78-4e7a-8c35-cc9d54aee141 Timestamp: 2021-12-21 08:10:58Z', error_uri: 'https://login.microsoftonline.com/error?code=7000218'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() 2021-12-21 13:40:30.813 +05:30 [INF] Error from RemoteAuthentication: Message contains error: 'invalid_client', error_description: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 3b2ea9b0-9960-46a4-8c5b-8ceae36e1a00 Correlation ID: d1884fb2-ab78-4e7a-8c35-cc9d54aee141 Timestamp: 2021-12-21 08:10:58Z', error_uri: 'https://login.microsoftonline.com/error?code=7000218'.. 2021-12-21 13:40:30.814 +05:30 [ERR] An unhandled exception has occurred while executing the request. System.Exception: An error was encountered while handling the remote login. ---> Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolException: Message contains error: 'invalid_client', error_description: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'. Trace ID: 3b2ea9b0-9960-46a4-8c5b-8ceae36e1a00 Correlation ID: d1884fb2-ab78-4e7a-8c35-cc9d54aee141 Timestamp: 2021-12-21 08:10:58Z', error_uri: 'https://login.microsoftonline.com/error?code=7000218'. at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest) at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync() --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<
0

maliming created 3 years ago
Support Team Fullstack Developer

hi

Please share your configure and AddOpenIdConnect code.
0

shobhit created 3 years ago

please share the email id
0

shobhit created 3 years ago

Just to update only Identity server login is working fine but when going from angular UI to identity ui then it is breaking
0

maliming created 3 years ago
Support Team Fullstack Developer

shobhit created 3 years ago

sorry Maliming. could not understand

.AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
            {
                options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"];
                options.ClientId = configuration["AzureAd:ClientId"];
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                options.CallbackPath = configuration["AzureAd:CallbackPath"];
                options.ClientSecret = configuration["AzureAd:ClientSecret"];
                options.RequireHttpsMetadata = false;
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
                options.Scope.Add("email");

                options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
            });

To me seems CORS issue

0

shobhit created 3 years ago

Error Screen shot:

Identity server Log https://xpertladr-my.sharepoint.com/:t:/p/shobhit/EbK2QoRkdRJGvRX_ph7D5rIBCejmlhwAwYWLqSCWsOvSCQ?e=UPBVJf
0

maliming created 3 years ago
Support Team Fullstack Developer

The log seems to be incomplete.
0

shobhit created 3 years ago

No Problem maliming. Issue resolved after fresh build.

2

Have an answer to this question? Log in and write your answer.