
Help with external provider connection Azure AD

Open Felipefuji opened this issue 4 years ago • 8 comments

Hello, I have made the connection adding the OIC configurations, but when I click on the button generated on the login page, it returns this error. Attached images of the code and the error.

[screenshots attached: "Captura", "Anotación 2020-09-10 174518"]

Felipefuji avatar Sep 10 '20 20:09 Felipefuji

Please check this article - how to setup azure ad: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-aspnet-core-webapp

skoruba avatar Sep 13 '20 17:09 skoruba

If I use the integration specified in the associated documentation, the `_signInManager.GetExternalLoginInfoAsync()` method always returns null.

Felipefuji avatar Sep 15 '20 08:09 Felipefuji

Hi, in our case we have the following configuration: [image] And in the appsettings.json we have this configuration: [image]

We had some issues with the creation of the external user (AutoProvisionUserAsync): some claims didn't match, but other than that everything worked.

In your case set the ValidateIssuer = false and remove the IssuerValidator method because that is a custom implementation; but from what I can understand from your exception, it seems that it might be a problem of communication. Maybe your URL is not well created.

mitirazvan avatar Sep 15 '20 09:09 mitirazvan

I am finally using this code. With it I have been able to solve the problem of `_signInManager.ExternalLoginSignInAsync()`. I don't know if it's the best option but it worked for me.

```csharp
authenticationBuilder.AddAzureAD(
    AzureADDefaults.AuthenticationScheme,
    AzureADDefaults.OpenIdScheme,
    AzureADDefaults.CookieScheme,
    AzureADDefaults.DisplayName,
    options =>
    {
        options.ClientId = externalProviderConfiguration.AzureADClientId;
        options.TenantId = externalProviderConfiguration.AzureADTenantId;
        options.Domain = externalProviderConfiguration.AzureADDomain;
        options.Instance = externalProviderConfiguration.AzureADInstance;
        options.CallbackPath = externalProviderConfiguration.AzureADCallbackPath;
        options.CookieSchemeName = IdentityConstants.ExternalScheme;
    });
```

Felipefuji avatar Sep 15 '20 10:09 Felipefuji

Hi all,

Is it planned to integrate this configurable possibility into the main repo? For people who use the built docker image it can be interesting, I think. What do you think about that, @skoruba? In my case, I am using the built docker images rc3 and in fact I would like to integrate Azure AD authentication. I can implement this configurable part on my side and propose it as a PR if you want.

Valentin

ioxFR avatar Oct 04 '20 17:10 ioxFR

Good idea, could you please send a PR? Thanks.

skoruba avatar Oct 04 '20 17:10 skoruba

@skoruba sure, I am currently testing it on my side. I will send a PR for that this week :)

ioxFR avatar Oct 05 '20 08:10 ioxFR

With the latest version of Skoruba Identity Server, to make Identity work with Azure AD or any other Microsoft Identity protected auth system, you need to set the cookieScheme parameter to null:

```csharp
if (externalProviderConfiguration.UseAzureAdProvider)
{
    authenticationBuilder.AddMicrosoftIdentityWebApp(options =>
    {
        options.ClientSecret = externalProviderConfiguration.AzureAdSecret;
        options.ClientId = externalProviderConfiguration.AzureAdClientId;
        options.TenantId = externalProviderConfiguration.AzureAdTenantId;
        options.Instance = externalProviderConfiguration.AzureInstance;
        options.Domain = externalProviderConfiguration.AzureDomain;
        options.CallbackPath = externalProviderConfiguration.AzureAdCallbackPath;
    }, cookieScheme: null);
}
```

ielcoro avatar Sep 28 '21 16:09 ielcoro
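The two symptoms in this thread (the `GetExternalLoginInfoAsync()` null result, and the `cookieScheme: null` fix) have the same cause: ASP.NET Core Identity reads the external login from its own external cookie (`IdentityConstants.ExternalScheme`), and `AddMicrosoftIdentityWebApp` by default registers and signs in to a separate cookie scheme, so the Identity side never sees the login. The following is an added example, not code from the IdentityServer4.Admin repository or from any commenter; it assumes a hypothetical options class `ExternalProvidersConfiguration` bound from appsettings.json, Identity already registered, and the `Microsoft.Identity.Web` package. It keeps issuer validation enabled, which is the safer default for a single-tenant registration.

```csharp
// Added example (not the project's code). Assumes: Microsoft.Identity.Web,
// ASP.NET Core Identity registered before this call, and a hypothetical
// ExternalProvidersConfiguration class bound from appsettings.json.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

public class ExternalProvidersConfiguration
{
    public bool UseAzureAdProvider { get; set; }
    public string AzureAdClientId { get; set; }
    public string AzureAdSecret { get; set; }
    public string AzureAdTenantId { get; set; }
    public string AzureInstance { get; set; } = "https://login.microsoftonline.com/";
    public string AzureDomain { get; set; }
    public string AzureAdCallbackPath { get; set; } = "/signin-oidc";
}

public static class AzureAdExternalProvider
{
    // Registers Azure AD as an external provider that hands the login to Identity's
    // external cookie, so SignInManager.GetExternalLoginInfoAsync() can read it.
    public static AuthenticationBuilder AddAzureAdIfEnabled(
        this AuthenticationBuilder authenticationBuilder,
        ExternalProvidersConfiguration config)
    {
        if (!config.UseAzureAdProvider)
        {
            return authenticationBuilder;
        }

        // Fail fast on an incomplete configuration instead of producing a
        // half-built authority URL at runtime (one cause of the "communication"
        // style exception seen in the thread).
        if (string.IsNullOrWhiteSpace(config.AzureAdTenantId) ||
            string.IsNullOrWhiteSpace(config.AzureAdClientId))
        {
            throw new InvalidOperationException(
                "Azure AD provider is enabled but AzureAdTenantId or AzureAdClientId is missing.");
        }

        return authenticationBuilder.AddMicrosoftIdentityWebApp(
            options =>
            {
                options.Instance = config.AzureInstance;
                options.TenantId = config.AzureAdTenantId;
                options.Domain = config.AzureDomain;
                options.ClientId = config.AzureAdClientId;
                options.ClientSecret = config.AzureAdSecret;
                options.CallbackPath = config.AzureAdCallbackPath;

                // Keep issuer validation on: for a single tenant the id_token issuer
                // is checked against TenantId, so a token from another tenant is rejected.
                options.TokenValidationParameters.ValidateIssuer = true;

                // With cookieScheme: null below, no extra cookie handler is added and the
                // default sign-in scheme (Identity's external cookie) is used. Setting it
                // explicitly documents that intent.
                options.SignInScheme = IdentityConstants.ExternalScheme;
            },
            cookieScheme: null);
    }

    // Callback side: a null ExternalLoginInfo means the OIDC handler signed in to a
    // cookie scheme other than Identity's external cookie (the symptom reported above).
    public static async Task<ExternalLoginInfo> RequireExternalLoginAsync<TUser>(
        SignInManager<TUser> signInManager) where TUser : class
    {
        var info = await signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            throw new InvalidOperationException(
                "No external login info: check that the OIDC handler signs in to IdentityConstants.ExternalScheme.");
        }
        return info;
    }
}
```

Usage, in the Startup/Program authentication setup: `services.AddAuthentication().AddAzureAdIfEnabled(externalProvidersConfiguration);`. The explicit `SignInScheme` assignment is redundant with `cookieScheme: null` when Identity is registered first, but it makes the dependency on the external cookie visible to whoever reads the configuration next.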