How to include claims in Azure AD B2C access token? [closed] - azure

Closed. This question is not about programming or software development. It is not currently accepting answers.
Closed 5 days ago.
I'm following this tutorial to set up Azure B2C authentication for an Angular app and a .NET backend. I'm configuring the flows using policy files and I'm configuring an API connector for token enrichment as well.
I can see the custom claims included in the id_token JWT that is passed as the result of authentication when I run the flow using the portal.
But the access token that the backend application receives from the Angular frontend does not contain the custom claims.
Basically, the id_token has the claims and the access token does not.
What could be the reason for this? Could this be an issue in the policy files or the way I've configured the MSAL library?
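A diagnostic that helps narrow the question down, added here as an example and not part of the question or of any Microsoft code: decode the payload of both tokens (without verifying them, purely for inspection), confirm that the token reaching the backend is really the API access token (audience and scope) rather than the SPA's id_token, and list the claims that appear only in the id_token. The sample tokens, the audience values and the claim names extension_Role and loyaltyTier are constructed for the example.

```javascript
// Added diagnostic, not from the question above: decode JWT payloads WITHOUT
// verifying signatures, purely to compare which claims each token carries.
// Never use an unverified decode for authorization; that is the API's job.

function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64 + '='.repeat((4 - (b64.length % 4)) % 4), 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWS (three dot-separated parts)');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Claim names present in the id_token but absent from the access token,
// which is exactly what the question observes for the enriched claims.
function missingClaims(idToken, accessToken) {
  const idClaims = decodeJwtPayload(idToken);
  const atClaims = decodeJwtPayload(accessToken);
  return Object.keys(idClaims).filter(k => !(k in atClaims)).sort();
}

// Sanity check that the backend actually received an access token minted for
// the API (aud is the API's app id and a scope is present), not the id_token.
function isAccessTokenForApi(token, apiClientId) {
  const c = decodeJwtPayload(token);
  return c.aud === apiClientId && typeof c.scp === 'string';
}

// Constructed sample tokens: header and signature are placeholders, and the
// claim names extension_Role / loyaltyTier are hypothetical connector output.
function makeSampleToken(payload) {
  const enc = o => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.placeholder-signature`;
}

const SAMPLE_ID_TOKEN = makeSampleToken({
  iss: 'https://contoso.b2clogin.com/', sub: 'user-1', aud: 'spa-client-id',
  tfp: 'B2C_1A_SIGNUP_SIGNIN', extension_Role: 'admin', loyaltyTier: 'gold',
});
const SAMPLE_ACCESS_TOKEN = makeSampleToken({
  iss: 'https://contoso.b2clogin.com/', sub: 'user-1', aud: 'api-client-id',
  scp: 'api.read', tfp: 'B2C_1A_SIGNUP_SIGNIN',
});

console.log('missing from access token:', missingClaims(SAMPLE_ID_TOKEN, SAMPLE_ACCESS_TOKEN));
```

Run it against the real id_token from the portal test and the Authorization header value the .NET API logs; if the second check fails, the frontend is sending the wrong token rather than the policy dropping claims.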

Related

Why we got 2 warnings for our Azure AD App registration which was created using visual studio [closed]

Closed 6 days ago.
I created a new ASP.NET Core MVC 6.0 web application >> and I defined it to use Azure AD for authentication, as follows:
Then I was asked to create an owned application, so I created one named "ad" as follows:
and inside my application's appsettings I got these settings:
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "*****",
    "TenantId": "***",
    "ClientId": "***",
    "CallbackPath": "/signin-oidc"
  }
}
So it seems Visual Studio did all the work for us. But when I accessed the "ad" application inside Azure >> I got 2 warnings, as follows:
So what are those warnings trying to say? And how can we solve these warnings and use a more up-to-date approach? We are planning to build a long-life ASP.NET Core application.
Thanks
Please read the warnings; their explanation is pretty straightforward. And they both contain links to additional information.
A short summary:
Don't use ADAL (and Azure AD Graph), use MSAL (and Microsoft Graph).
Make sure you're a verified publisher if you want end users to grant consent on newly registered multi-tenant apps.
Both of these warnings have nothing to do with the app registration itself, but with (1.) the authentication framework you're using to build an application and (2.) the way you publish multi-tenant apps.
You can find additional info in the links in the warnings.

Single Log Out in Azure AD B2C when initiated by external IDP [closed]

Closed 5 days ago.
I am having trouble finding documentation that covers Single Log Out functionality in Azure AD B2C when it is initiated by an external IDP.
Consider that we have an application protected by Azure AD B2C, and the user is signed in to Azure AD B2C with a federated identity. Now, documentation is pretty clear about how to initiate the log out from the application / Azure B2C side and is also clear how B2C will logout from external identity providers at the same time.
However, consider when the user logs out on the external IDP side. We want the external IDP to initiate single log out to Azure AD B2C, and Azure AD B2C to initiate single log out with the app. So, essentially the opposite flow.
I know Azure AD B2C has a logout URL (considering EnforceIdTokenHintOnLogout is not enabled), so I could theoretically configure the relying party configuration on the external IDP with B2C's logout URL, i.e. https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/logout
Would this trigger the logout of B2C as expected? Am I approaching this in the right way? Is there any documentation covering the implementation of this?

Azure The application must write data to the company's directory by using the Directory.ReadWrite.All permission [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 3 months ago.
A company plans to deploy a non-interactive daemon app to their Azure tenant.
The application must write data to the company’s directory by using the Directory.ReadWrite.All permission. The application must not prompt users for consent.
You need to grant the access required by the application.
Which permission should you use?
Select only one answer.
admin-restricted
delegated
application
effective

Azure AD users sync with Custom User Management using SOAP [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I would like to synchronise Azure AD users with my custom home-grown user management solution using SOAP APIs. My custom home-grown user management has SOAP APIs for all the user management operations. Any suggestions or pointers for synchronising AD users to my custom home-grown user management solution using REST APIs would be useful.
thanks Lokesh
There is an open standard I can think of, called SCIM.
This is taken from the Microsoft docs that describe using SCIM with Azure AD:
As an application developer, you can use the System for Cross-Domain Identity Management (SCIM) user management API to enable automatic provisioning of users and groups between your application and Azure AD. This article describes how to build a SCIM endpoint and integrate with the Azure AD provisioning service. The SCIM specification provides a common user schema for provisioning. When used in conjunction with federation standards like SAML or OpenID Connect, SCIM gives administrators an end-to-end, standards-based solution for access management.
(source)
Basically you have to implement some well defined endpoints and Azure AD will take care of the syncing.
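To make "well defined endpoints" concrete, here is an added example (not from the answer above and not Microsoft's reference implementation) of the two SCIM 2.0 operations an Azure AD provisioning integration is exercised with first: creating a user (POST /Users) and looking one up by the equality filter the provisioning service sends to avoid duplicates (GET /Users?filter=userName eq "..."). The store is in-memory and framework-free so it can be wired to any HTTP server; status codes and error bodies follow RFC 7644, and the sample user data is constructed.

```javascript
// Added example, not the project's or Microsoft's code: minimal SCIM 2.0
// /Users handling as pure functions returning { status, body } pairs.
const USER_SCHEMA = 'urn:ietf:params:scim:schemas:core:2.0:User';
const LIST_SCHEMA = 'urn:ietf:params:scim:api:messages:2.0:ListResponse';
const ERROR_SCHEMA = 'urn:ietf:params:scim:api:messages:2.0:Error';

const scimError = (status, detail, scimType) =>
  ({ status, body: { schemas: [ERROR_SCHEMA], status: String(status), detail, scimType } });

class ScimUserStore {
  constructor() { this.users = new Map(); this.nextId = 1; }

  // POST /Users: validate the payload, reject duplicates, assign a server id.
  // Only the attributes this example understands are stored; unknown input
  // attributes are deliberately dropped rather than persisted blindly.
  create(body) {
    if (!Array.isArray(body.schemas) || !body.schemas.includes(USER_SCHEMA) ||
        typeof body.userName !== 'string' || body.userName === '') {
      return scimError(400, 'schemas must include the User schema and userName is required', 'invalidValue');
    }
    if (this.findByAttr('userName', body.userName).length > 0) {
      return scimError(409, 'userName already exists', 'uniqueness');
    }
    const id = String(this.nextId++);
    const user = { schemas: [USER_SCHEMA], id, userName: body.userName,
      externalId: body.externalId, active: body.active !== false };
    this.users.set(id, user);
    return { status: 201, body: user };
  }

  // GET /Users?filter=...: the provisioning service matches on userName or
  // externalId equality before creating. Any other filter is rejected with
  // invalidFilter instead of silently returning every user.
  list(filter) {
    let users = [...this.users.values()];
    if (filter !== undefined) {
      const m = /^(userName|externalId) eq "([^"]*)"$/.exec(filter);
      if (!m) return scimError(400, 'unsupported filter', 'invalidFilter');
      users = this.findByAttr(m[1], m[2]);
    }
    return { status: 200, body: { schemas: [LIST_SCHEMA], totalResults: users.length,
      startIndex: 1, itemsPerPage: users.length, Resources: users } };
  }

  findByAttr(attr, value) {
    return [...this.users.values()].filter(u => u[attr] === value);
  }
}
```

The remaining operations the provisioning service needs (GET /Users/{id}, PATCH for deactivation, DELETE) follow the same shape; authenticate every call with the bearer token you configure in the enterprise application before handing the request to the store.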

Log in to Azure AD B2C without redirecting to b2clogin Microsoft page

I am building a React application which needs to sign in and sign up users only through the application. I am using AADB2C for user management. I know this question has been asked several times in the past, but I am still finding a way to sign up/sign in users using AADB2C without redirecting to the Microsoft login page. I found it impossible back 2 years ago, but I would really appreciate your help if there are any services or packages to overcome this riddle.
#PrathapG I have responded to your question here: https://learn.microsoft.com/answers/questions/21036/log-in-to-azure-ad-b2c-without-redirecting-to-b2cl.html
You can always use the Graph API to directly create users into the B2C Directory, but that defeats most of the advantages of B2C of not having to write the plumbing code.
You are now also responsible for securing this user creation code.
Currently the new login URL is: .b2clogin.com, which does not contain any reference to MS anymore, which may partly solve your issue?
There has to be some sort of identity management for your application. If you don't want Microsoft to do the identity management for your application then there are various other options.
There are several well-known identity providers like Amazon, Facebook etc.
Or you can provide your own Identity provider using the first option
"+New OpenID Connect Provider".
