ECC cert-based AD authentication fails with generic error
Hi there,
I hope this is the right repo to post this in. For the last couple of days I've been trying to figure out why we couldn't get our app to receive a token for the Microsoft Graph API. No matter how I tried, first with the msal-node library and then by manually constructing and sending JWT assertions, I couldn't figure it out.
The only error shown was the code "5000" and a message saying a server error had occurred.
It transpires that it's because we were using an ECC certificate. I got it reissued as 2048-bit RSA and it worked straight away.
I'm not sure if this is a bug report or a plea for this to be documented. The Azure Portal for the application allowed the potentially unsupported certificate to be uploaded, showing no signs of error. I suppose it hinges on: is this expected behaviour?
All the best, and thanks.
This might be a question for https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet, @kjkent
Thanks, @jmprieur! I shall try my luck there. Shall I close this if it's the wrong repo?
@kjkent: if you could just paste the link to the issue you'll create in that repo, that would be great.
@jmprieur Thanks for the advice and apologies for the delay in getting to this. I've created an issue, which can be found here:
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1917