I am trying to authenticate user from my bot using azure active directory.
I have done all the steps accordingly as per official documentation.
Unfortunately,while I run the bot emulator it doesn't prompt user login and anything only shows 401 directline.conversationUpdate. See the screen shot below:
I am trying this example from Git Hub
Note: I have also integrated ngrok exe and configured like below:
Based on your capture, pls have a check that if you have configed your app id and secret correctly as 401 error means you have not authorized successfully. At this period, the most related thing here is app id and secret.
You can find app id here in your bot :
And click "Manage" to create a secret.
Once the auth card pompted up, pls make sure that your account to login belongs to the tenant that you configed in OAuth Connection Settings on Azure portal.
Related
Short description:
Im using laravel application which already has system for logging in with microsoft account. That system works, but this is the first time im working on it, and i can not establish locally that users can sign in with their microsoft account into the application. Because system in the application works, and i get error when logging in, the issue must be in my configuration at Azure portal.
My configuration is as following:
I have created tenant and registered app in it. My SAML config is as following:
Entity ID: https://login.microsoftonline.com/tenant-id/saml2
Reply URL (Assertion Consumer Service URL): https://sts.windows.net/tenant-id/
In my .env i have set following values:
AZURE_AD_CALLBACK_URL=/login/microsoft/callback
AZURE_AD_CLIENT_ID=id-of-the-application-in-tenant
AZURE_AD_CLIENT_SECRET=tenant-secret-key
SAML2_AZURE_SAML_ENABLED=true
SAML2_AZURE_IDP_SSO_URL="https://login.microsoftonline.com/tenant-id/saml2"
SAML2_AZURE_IDP_ENTITYID="https://sts.windows.net/tenant-id/"
SAML2_AZURE_IDP_x509="tenant-id"
SAML2_AZURE_SP_ENTITYID="https://some-app.com/"
I get following error after entering my credentials:
AADSTS700016: Application with identifier 'https://someapp/' was not found in the directory 'tenant-id'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
I have added user to the application, which i use to test login, so this error is totally confusing for me.
I dont know if i provided all neccessary info, but if some missing i will provide them.
I hope someone knows what is wrong with the configuration
The tenant id is a GUID. Have you used this or are you using the "tenant-id" string?
Also, the ACS is an endpoint in your application - not an Azure URL.
I have developed a endpoint to be used for an skype bot but I have not hosted it in Azure so in order to be use skype channel I need registered it using Azure Bot Service (Bot Channels Registration). I did it but when I try create a App Password for that then Azure redirect me to Application Page and show me this message (In the image the message appears in Spanish but this is the translation):
The application no longer exists or is not associated with your
account.
I have tried clear the cache of my browser and try using private tab too but nothing happens.
The application no longer exists, or is not associated with your account.
Based on my test, if I login to Application Registration Portal using the account that is not used to create Bot Channels Registration bot service, I get same message. Please check the account you are using to login to Application Registration Portal and make sure that account is same one you used to create your Bot Channels Registration bot service.
Besides, please check if others know your account and delete that app. You can also try to create another Bot Channels Registration bot service and check if same issue appears.
This could be the account issue. But this does happen if you even create the new one. But what I do think is that there may be some sort of problem with the App Registration portal, or to be specific the link between the app registration portal API that generates auto id and password so if you are using the auto create Microsoft App ID and Password you would face this issue. But if you will do that manually from the App registration portal and use that in your bot channel or web app bot it should work fine. Hope that help.
I am trying to run the active-directory-dotnet-webapi-onbehalfof sample in single tenant mode. I've registered the web app service and the native app client as global admin for the tenant. When I run the sample, as a user in the tenant, I can get a token in the client only after consent pops up (first-time for user), and then call makes it to the service, but there it fails with below. Why is that? Documentation says that when a tenant admin registers the application no further consent is needed? I don't think it is possible to give consent when a remote webapi tries to get OBO token. Something seems buggy... AAD team, please clarify how the OBO feature should be used.
AADSTS65001: The user or administrator has not consented to use the application with ID 'b824502e-fe8a-4770-bd98-8d65a07efcc3'. Send an interactive authorization request for this user and resource.
Trace ID: ad7843d0-be4e-4098-8f7c-43c8e5505cfc
Correlation ID: 140466a4-7250-429f-8843-dbd4f63dc60e
Timestamp: 2016-11-25 21:46:13Z
When you register an application using the Azure Management Portal (manage.windowsazure.com) as a tenant administrator, then yes you should not get consent, as long as subsequent tokens are being retrieved in that same tenant.
Because you are seeing consent for the native client app, and then getting that error message, we must assume that something is not being satisfied which would suppress consent for your app.
To resolve this issue, my recommendation is to simply initiate an interactive authorization request just like the error message implies. You can do this by generating a log-in url for your application, with a specific query string that will force prompt tenant wide consent (prompt=admin_consent).
Here is the skeleton for the URL you need to complete:
https://login.microsoftonline.com/<TenantID>/oauth2/authorize?client_id=<AppID>&response_type=code&redirect_uri=<RedirectURI>&resource=<ResourceURI>&prompt=admin_consent
You can do this for all the applications you registered, and you should not run into consent issues (assuming you are indeed signing in as a tenant admin).
I hope this resolves your issue.
I have two applications which access my users' calendars via a service account. Until today everything was working fine and out of a sudden one of the app cannot get a grant token. I read that this may be due to the same service account being used simultaneously (which was the case for a year but never mind) so I decided to
create a second service account
and authorize it to access the calendars
I created the service account in the Google Developers Console -> API Manager -> Credentials.
The console now looks like this:
Service account client 1 is the original service account which was working for both apps and now works for one of them only. The ga... account is the newly created one.
In order to get the ClientID I went (on the same page) to "Manage service accounts" and I get this:
The newly created account does not offer the possibility to check its ClientID. Why?
The ClientID is also available in the JSON file downloaded upon creation. I extracted it from there and tried to authorize the access in my GApps Security console:
As you can see it was refused.
What part did I miss when creating this second account?
Found it:
and after checking the checkbox below both accounts look the same, the ClientID is available and it can be authorized in the GApps console.
I want to authenticate my mvc application by microsoft. I successfully done with Facbook, Google and Twitter, but when i click on Microsoft then the error `We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later`
is coming.
I successfully created an app and paste the Client ID and Client Secret in my mvc application . But I do not know the real problem
What is the return URL that you specified for the given Client ID and Client Secret? If the site is not running under that specific URL (e.g. is running under localhost whilst you are in dev mode), you can get this error message.
In my case I had my gmail account configured as my primary Microsoft Live account once I changed this to my Hotmail account as the primary account and then created a new app with a new name Client ID and Secret it started working for me.
The gmail account worked signing in as a gmail user on my app Identity Provider being Google to give some background this is the account I used as my Microsoft Account. I suspect my Microsoft account using my gmail user name and password confused the MS identity Provider thus resulting in the error. So avoid using a different Identity Providers credentials to authenticate with a different Identity provider if testing this. One account per Identity provider not associated to other Identity providers.
Since the Google account had been my primary for the other Identity Providers when I logged into the App as this I as essentially I suspect therefore already logged in with my Microsoft account.
Step 1:-
Open Application Registration Portal of Microsoft [https://apps.dev.microsoft.com] where you have Registered your Application.
You need to make change in Redirect URIs
For example :-
The URI which is Registered
URL:- http://localhost:8000
Change to make in URI :-
Just Add :- [/signin-microsoft] at end of URL It works
URL:- http://localhost:8000/signin-microsoft
Finally save your setting and try again it will work.
In my case, it failed when I used my personal Outlook account to login.
Once I switched to an Office 365 account, it started working.