Could anyone write the steps or share a link to the documentation on how to enable PAR in Azure B2C?
I have been trying to look for documentation or any blog describing how to enable it for the past 24 hours. After extensively searching on Google and digging through the Microsoft docs, I was unable to find anything.
I'm stuck trying some basic stuff.
I want to secure Azure functions with an Azure B2C login.
However, I followed 7 (or more) tutorials and step-by-step guides, but none of them are working,
like https://codemilltech.com/adding-azure-ad-b2c-authentication-to-azure-functions/
My problem is as soon as the azure function is protected and I want to call it in the browser, the login appears just like expected. But after the login the azure function does not seem to be called. Instead a "You do not have permission to view this directory or page." with no further information is displayed.
Additional Info:
*) All tutorials I looked at seemed kind of outdated because the UI in Azure looks slightly different for me than in the images provided, but nothing serious.
*) The Userflow is v2 (I also tried v1 without effect)
I finally found the solution.
No tutorial I looked into mentioned that you have to add the ApplicationId of the application that is used to get the token into the "Allowed token audiences" section in the advanced AD configuration.
After that the error is gone and you can access the service as expected.
Configuration Window
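A diagnostic for the fix described above, as an added example that is not part of the original answer: it reads the `aud` claim from a token and compares it with the values entered under "Allowed token audiences". The application IDs and the sample token are constructed placeholders, and the signature is deliberately not verified because this is only for inspecting a token you already hold.

```python
import base64
import json

# Constructed placeholder IDs, not real application registrations.
CLIENT_APP_ID = "00000000-0000-0000-0000-000000000001"  # app used to get the token
API_APP_ID = "00000000-0000-0000-0000-000000000002"     # app protecting the function

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_audiences(jwt):
    """Return the aud claim as a list. Diagnostic only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    claims = json.loads(b64url_decode(parts[1]))
    aud = claims.get("aud", [])
    # aud may be a single string or an array of strings.
    return [aud] if isinstance(aud, str) else list(aud)

def audience_allowed(jwt, allowed_audiences):
    """True if at least one audience in the token is on the allowed list."""
    return any(a in allowed_audiences for a in token_audiences(jwt))

def make_sample_token(claims):
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".c2ln"

if __name__ == "__main__":
    token = make_sample_token({"aud": CLIENT_APP_ID})
    print("aud in token:", token_audiences(token))
    print("before fix:", audience_allowed(token, [API_APP_ID]))
    print("after fix: ", audience_allowed(token, [API_APP_ID, CLIENT_APP_ID]))
```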
I've been asked to integrate a new web app with our B2C implementation and the requirement is to support the Grant Flow with PKCE.
Does B2C/IEF support this? Any pointers as to steps required?
I'm hopeful as I've found this reference in the AD docs, which references code_challenge and code_challenge_method parameters in the request to the /authorize endpoint.
Thanks
Mark
According to this developer announcement and this documentation issue, it is supported, although it isn't enabled for the implicit flow AFAIK.
It sounds like you are trying to create a web based application that can only use Auth code with PKCE per the new OAuth guidelines. Please refer to the following post in regards to the new OAuth rules and Microsoft's Auth process: https://developer.microsoft.com/en-us/identity/blogs/our-thoughts-on-implicit-grant-with-microsoft-identity/
Microsoft's suggestion is to utilize the Microsoft Libraries to do authentication, that is using either ADAL/MSAL.
As it's a B2C Application you will want to use MSAL. For more information on using MSAL please refer to: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-b2c-overview
I'm trying to get an AspNet Core 2.1 website to authenticate via Azure AD B2C. I've configured the Google and Microsoft Account signups in my tenant per the online instructions I found (e.g., this for Google).
But neither signup/signin option works. Links to them display on the default Azure AD B2C login page, but clicking the links triggers an error:
*) for Google, it causes a redirect_uri_mismatch error
*) for Microsoft Account, it returns a "we're experiencing technical difficulties" error page, which has persisted for more than 24 hours, so I doubt there's been any kind of outage
This is all occurring in a development environment, so I'm not using a publicly-registered domain (e.g., the reply uris all point back to localhost). Is that possibly the problem? If so, how do I set up the development environment correctly?
Additional Info
I solved the problem with the Google identity provider.
But I'm still getting the same error with the Microsoft Account provider. However, I just noticed that there's an error message buried within the URL for the error page which doesn't get displayed on the page itself:
error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
The first suggestion in the error message -- targeting login.live.com -- doesn't work. The Microsoft Application Portal complains about a domain mismatch.
But I don't see how to apply the second suggestion, because I don't know where the redirect_uri is generated by/stored in my web app (i.e., I defined the redirect uri in the Microsoft Application Portal, but I don't see a corresponding configuration parameter in my webapp).
Ensure that you are registering the same base reply URLs in your social providers that your application is calling from B2C.
For example:
If your app calls https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize then the reply URL in your social provider should be https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp
However, some app examples call https://contoso.b2clogin.com/te/contoso.onmicrosoft.com/oauth2/v2.0/authorize (notice the "te") so you therefore need to add a reply URL of https://contoso.b2clogin.com/te/contoso.onmicrosoft.com/oauth2/authresp
I generally add both.
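The rule in this answer as a small checker, added here as an example that is not part of the original answer: given the authorize endpoint the app calls, it derives both `authresp` reply URLs (with and without `te`) and compares them with what is registered at the social provider. The function names and the localhost port are constructed; taking the first path segment as the tenant is an assumption so that an extra path segment before `/oauth2` does not leak into the result.

```python
from urllib.parse import urlsplit

AUTHORIZE_SUFFIX = "/oauth2/v2.0/authorize"
AUTHRESP_SUFFIX = "/oauth2/authresp"

def expected_reply_urls(authorize_url):
    """Return the reply URLs to register: [without "te", with "te"]."""
    parts = urlsplit(authorize_url)
    if parts.scheme != "https" or not parts.path.endswith(AUTHORIZE_SUFFIX):
        raise ValueError("not an https .../oauth2/v2.0/authorize endpoint")
    segments = [s for s in parts.path[:-len(AUTHORIZE_SUFFIX)].split("/") if s]
    if segments and segments[0] == "te":
        segments = segments[1:]          # same tenant, "te" form of the path
    if not segments:
        raise ValueError("tenant segment missing from path")
    tenant = segments[0]                 # assumption: tenant is the first segment
    base = "https://" + parts.netloc
    return [base + "/" + tenant + AUTHRESP_SUFFIX,
            base + "/te/" + tenant + AUTHRESP_SUFFIX]

def audit_registered(authorize_url, registered):
    """Compare reply URLs registered at the provider with the expected ones.

    Matching is exact, since a redirect_uri that differs in any character
    is treated as a mismatch in the errors quoted in the question.
    """
    expected = expected_reply_urls(authorize_url)
    return {
        "missing": [u for u in expected if u not in registered],
        "unexpected": [u for u in registered if u not in expected],
    }

if __name__ == "__main__":
    endpoint = "https://contoso.b2clogin.com/te/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
    # Constructed registration: the application's own callback, not B2C's.
    print(audit_registered(endpoint, ["https://localhost:5001/signin-oidc"]))
```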
Are you able to sign up with the local email account at first? If not, this link
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-tutorials-web-app
would be helpful; it has a sample web app and the steps. Once you are able to sign up and authenticate, you can add identity providers such as Google, Microsoft, Facebook, etc., and then you can edit the sign-up or sign-in policies and add the identity providers of Google, Microsoft, etc.
I hope this helps, cheers! Please let me know if you face any issues.
Suraj Revankar
Turns out the documentation I was following for setting up the MicrosoftAccount identity app was incorrect, or I was following the wrong instructions.
Basically, you need to redirect to
https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp
not
https://localhost:[port#]/signin-oidc
like the documentation I was originally following suggested.
Check out this question and answer for more details.
I have trouble linking my B2C AAD to Azure Analysis Services. Is this even possible? If yes, what's the best way to build it in?
The documentation states "Azure Analysis Services supports Azure AD B2B collaboration" but doesn't mention B2C. Is there a workaround?
It is not listed in the release notes and a number of others have asked about this, so from what I can tell it does not appear to be supported. I have escalated your question to the Microsoft product group and will get back to you as soon as I have a definitive answer.
In the meantime you can make a feature request in User Voice. https://feedback.azure.com/forums/169401-azure-active-directory/category/160596-b2c
How can I make single sign-in into my PHP app possible for Office 365 users?
I was reading a bit about Microsoft solutions and if I understood well I have to create an account on Microsoft Azure AD and buy their services, right?
I found out that Azure AD supports SAML 2.0.
Has anyone done this before and can describe the process in a bit more detail for me? And what data am I receiving in the SAML response? =)
I am already familiar with the SAML protocol and using it, just not with Microsoft services and where to go to complete this.
Thanks!!
After a whole day of digging I found something:
http://azure.microsoft.com/en-us/documentation/articles/active-directory-php-web-single-sign-on/
I hope it will be useful for others who have similar question ;-)