
[UWP] Login via OpenId Connect IdentityProvider - We can't connect to the service you need right now. Check your network connection or try this again later.

Open MichaelWytek opened this issue 3 years ago • 20 comments

Hello,

I have already implemented your sample into an external app, but I got errors while logging in with an OpenID identity provider.

To reproduce this problem I checked out your latest master, tried to reproduce this error within your solution and it also occurs there. I just changed the B2CConstants file values and everything is working for local accounts. In my Azure B2C I have created 2 identity providers for different AD's in my signin/signup policy.

For Android and iOS everything works fine as expected, also the login with the identity provider. If I log in with the UWP app via the identity provider I get the following error:

[image]

In my external app, sometimes it's possible to log in via the identity provider if I first log in with a local account ⇒ log out and log in again with identity provider credentials. But it's not really a workaround because the error comes again on the next login.

I configured the identity provider with following documentation:

https://docs.microsoft.com/de-de/azure/active-directory-b2c/tutorial-add-identity-providers

I tried following things:

Add capabilities:

```xml
<Capabilities>
  <Capability Name="internetClient" />
  <uap:Capability Name="enterpriseAuthentication"/>
  <Capability Name="privateNetworkClientServer"/>
  <uap:Capability Name="sharedUserCertificates"/>
  <uap:Capability Name="userAccountInformation"/>
  <Capability Name="internetClientServer"/>
</Capabilities>
```

found it here: https://github.com/Azure-Samples/active-directory-b2c-xamarin-native/issues/137

I also tried setting the registry and redirect URL which is created from the app during execution: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/UWP-specifics#properties-of-platformparameter-specific-to-winrt-and-uwp-corporate-network

I'm not quite sure what I'm missing or doing wrong, hope you can help me.

Thank you!

/edit Maybe some additional information: I developed the identity provider login with a signIn/signUp (default) policy; that was working at the beginning, the error occurred only sometimes. After I changed to a sign-in only (default) policy, the error occurs nearly every time (it only works with the workaround which I described already).

MichaelWytek avatar Oct 30 '20 11:10 MichaelWytek

Can you reproduce this issue? Or do you need further information?

MichaelWytek avatar Nov 30 '20 09:11 MichaelWytek

@MichaelWytek are you using the standard or recommended version for the policy which is having issues?

[image]

jennyf19 avatar Dec 10 '20 16:12 jennyf19

@MichaelWytek I wasn't able to repro this. It might be related to the above and if you are using the recommended or standard policy type.

jennyf19 avatar Dec 12 '20 03:12 jennyf19

@jennyf19 I'm using the Standard policy, maybe you can find a problem on the screenshot below. Please let me know if you need more information about this.

[image]

MichaelWytek avatar Dec 14 '20 14:12 MichaelWytek

@MichaelWytek could you try updating to the recommended policy type?

jennyf19 avatar Dec 14 '20 16:12 jennyf19

@jennyf19 Thanks for the input, I tried it now and it's working again for me with the recommended policy type :D.

But I was able to reproduce the "Can't connect to the service you need right now" again with the following steps, also with the recommended policy type:

  • Login with my first IdentityProvider ("DF AD" which is displayed on the screenshot) => worked
  • Logout
  • Login with my first IdentityProvider ("DF AD" which is displayed on the screenshot) => worked
  • Logout
  • Login with my second IdentityProvider ("Customer AD" - red lined on the screenshot) => worked
  • Logout
  • Try to Login again on my first IP ("DF AD") => error occurs again

Then I tried to log in/log out a few times:

  • On the "Customer AD" I was able to log in every time.
  • On the "DF AD" I was not able to log in again.

Maybe it is possible to have a "wrong" configuration within the identity provider? Is there any setting which can have side effects on the B2C login which is set directly in the IdentityProvider AD? I did not understand why I was able to log in to the "DF AD" at the beginning, and since I logged into the "Customer AD" I was not able to log in to the "DF AD" again.

/e Tried it also on the newest master of this project (active-directory-b2c-xamarin-native) and the login didn't work for my "DF AD" IdentityProvider; for the "Customer AD" IdentityProvider it works as well.

The good thing is that the "DF AD" is only for the test/dev Stage :D

Thank you,

BR.

MichaelWytek avatar Dec 15 '20 14:12 MichaelWytek

@MichaelWytek interesting. thanks for the detailed investigation. Can you grab a correlation id for the request when the error occurs?

jennyf19 avatar Dec 15 '20 18:12 jennyf19

> @MichaelWytek interesting. thanks for the detailed investigation. Can you grab a correlation id for the request when the error occurs?

@jennyf19 I would like to do this but I'm not quite sure what you mean by the correlation id :D. No "real" exception occurs if this error happens. Can you explain to me what I need to do to get the correlation id of the request? (AppInsights/AppCenter is configured if it helps)

MichaelWytek avatar Dec 17 '20 14:12 MichaelWytek

Are there any updates on this? This is a showstopper for us at the moment

amirvenus avatar Jan 14 '21 10:01 amirvenus

> Are there any updates on this? This is a showstopper for us at the moment

@amirvenus No, we implemented a workaround in our app; if we find a solution I will let you know.

@jennyf19 do you have any other ideas? Or can I provide you some more information to identify the problem?

MichaelWytek avatar Jan 14 '21 11:01 MichaelWytek

> > Are there any updates on this? This is a showstopper for us at the moment
>
> @amirvenus No, we implemented a workaround in our app; if we find a solution I will let you know.
>
> @jennyf19 do you have any other ideas? Or can I provide you some more information to identify the problem?

Could you please elaborate on the workaround you have used in your app?

amirvenus avatar Jan 14 '21 14:01 amirvenus

> > > Are there any updates on this? This is a showstopper for us at the moment
> >
> > @amirvenus No, we implemented a workaround in our app; if we find a solution I will let you know. @jennyf19 do you have any other ideas? Or can I provide you some more information to identify the problem?
>
> Could you please elaborate on the workaround you have used in your app?

OK, wrong words, no real workaround, we just use only local accounts for login. It's actually fine for the customer.

MichaelWytek avatar Jan 21 '21 10:01 MichaelWytek

@MichaelWytek you can get the correlation id from the MSAL logs, also can you provide your b2c tenant name?

jennyf19 avatar Jan 22 '21 00:01 jennyf19

@jennyf19 Oh, thanks. I'm getting no result or exception while I'm trying to logging. So I set the correlation Id before I execute the login like this: (hope this is correct)

[image]

Tried it with both flows (recommended & standard):

Standard: correlationId: 7e618ed3-17f8-468e-ac36-4b6cacc03671

Recommended: correlationId: aa1d8bfc-08d3-41a7-bc20-524f58ded6ef

B2C Tenant name is KappaIOTB2CTest

BR.

MichaelWytek avatar Jan 25 '21 14:01 MichaelWytek
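One way to do what the two comments above describe, as an added example that is not code from this thread or from the sample: choose the correlation ID before the interactive call and record it first, so it is known even when the UWP web dialog fails without throwing, and collect MSAL.NET logs with PII logging off. The class name, the placeholder client ID, authority and scope, and the in-memory log list are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class B2CLoginDiagnostics
{
    // Placeholders (assumptions): substitute your own app registration values.
    const string ClientId = "<client-id>";
    const string Authority =
        "https://<tenant>.b2clogin.com/tfp/<tenant>.onmicrosoft.com/<policy>";
    static readonly string[] Scopes = { "https://<tenant>.onmicrosoft.com/<api>/<scope>" };

    // MSAL log lines collected in memory; forward them to your own telemetry.
    public static readonly List<string> LogLines = new List<string>();

    public static IPublicClientApplication BuildClient() =>
        PublicClientApplicationBuilder.Create(ClientId)
            .WithB2CAuthority(Authority)
            // PII logging stays off so user names and token material
            // do not end up in logs that are shared with support.
            .WithLogging(
                (level, message, containsPii) =>
                {
                    if (!containsPii) LogLines.Add($"[{level}] {message}");
                },
                LogLevel.Verbose,
                enablePiiLogging: false,
                enableDefaultPlatformLogging: false)
            .Build();

    public static async Task<AuthenticationResult> SignInAsync(IPublicClientApplication pca)
    {
        // Generate the ID up front and write it out BEFORE the call: if the
        // sign-in dialog shows an error page and no exception is raised,
        // this value is still the one to report.
        Guid correlationId = Guid.NewGuid();
        Debug.WriteLine($"B2C sign-in attempt, correlationId={correlationId}");

        AuthenticationResult result = await pca.AcquireTokenInteractive(Scopes)
            .WithCorrelationId(correlationId)
            .ExecuteAsync();

        // On success the result carries the same ID back.
        Debug.WriteLine($"B2C sign-in succeeded, correlationId={result.CorrelationId}");
        return result;
    }
}
```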

Thanks @MichaelWytek, I've passed the information along to the B2C team.

jennyf19 avatar Jan 25 '21 23:01 jennyf19

> Thanks @MichaelWytek, I've passed the information along to the B2C team.

Hi, is there any update?

MichaelWytek avatar Feb 24 '21 12:02 MichaelWytek

Hi! I've taken over the implementation of our app from Michael Wytek. Unfortunately the problem still exists. We've already had many discussions with Azure AD Support regarding this issue, and the outcome was that everything is going well from the authentication side. They believe that there must be some kind of problem with the library. We would much appreciate some kind of update from your side as well, to be able to finally close this issue. Thanks for your response!

PeterSomosDF avatar May 12 '22 11:05 PeterSomosDF

@PeterSomosDF Using the latest MSAL.NET version, we would need the same information as above, the correlationID from a failed request, assuming the b2c tenant is the same. @SameerK-MSFT can you take a look from the MSAL side? I was not able to repro.

@nickgmicrosoft can you help from the B2C side? thanks.

jennyf19 avatar May 12 '22 18:05 jennyf19

@jennyf19: everything is the same. From the library Microsoft.Identity.Client, we are using version 4.44.0. Here is the actual correlationID of a failed request: 6c16fa77-4a5b-483e-ae36-8dfd725cdb7d Thank you for your help!

PeterSomosDF avatar Jun 29 '22 08:06 PeterSomosDF

@SameerK-MSFT FYI ^

jennyf19 avatar Jun 29 '22 16:06 jennyf19