I have tried to make custom policies. then I used custom policy starter pack from https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack.git
First I registered new user, then I tried sign In process but it doesn't work.
Error message says "The username or password provided in the request are invalid"
Do you have any solution of this?
*I registered B2C_1A_TokenSigningKeyContainer and B2C_1A_TokenEncryptionKeyContainer.
*And I replaced each keys particular place on SignUpOrSignin.xml(followed the guidance from microsoft web page )
One of the common causes of this issue is the misconfiguration of application IDs of IdentityExperienceFramework and ProxyIdentityExperienceFramework.
Check out this to make sure the configuration is correct.
Related
I am trying to enroll a user on my Moodle site via using the Moodle API.
My Moodle instance is hosted on AWS and all relevant ports are open and listening. So, from the network perspective, I can commit that is all ok.
The steps I have already done based on Moodle Documentation:
I have enabled web services on Administration > Mobile app >Mobile settings
I have gone through the 10 steps on the overview of allowing an external system to control Moodle as explained in the documentation (shown also in this Youtube video)
For testing purposes, I am using Postman. Some requests are going through (e.g. getting the token for a certain user, getting the list of all courses, etc.)
Example:
But when I try to i.e. create a user or enroll a user in an existing course I am getting this error:
{
"exception": "webservice_access_exception",
"errorcode": "accessexception",
"message": "Access control exception"
}
The way I am trying to i.e. create the user is as follows:
In the body section I am sending the following data:
users[0][username]
users[0][email]
users[0][lastname]
users[0][firstname]
users[0][password]
Based on my research, most of the contributors suggested enabling web services, but as mentioned above I have enabled them but the problem persists.
Can someone help me solve the issue here or maybe suggest a way of debugging it?
Fortunately, I managed to solve the issue for both user creation and user enrollment.
Here is a great guide that helped me. In addition, you need to add some additional functions to the web service (roles wary based on what you want to do in Moodle) and also you need to alter the permissions of the new user (again depending on what you want to do)...
I have a blazor application. It is authenticated using Azure AD B2C. The sign in user flow is set to Require ID Token in logout requests. When the user is trying to log out, the following error is received:
Sorry, but we're having trouble signing you in.
...
The id_token_hint parameter has not been specified in the request.
Please provide token and try again.
I know that I need to pass id_token_hint as a query parameter, but can't find how exactly this can be done.
Have a look at this and this.
In both cases, the code to build the magic link is included.
Blazor does not currently send the id_token_hint. MS have been aware since .Net 5, but are yet to fix it. There's signs it could be fixed in .Net 8.
https://github.com/dotnet/aspnetcore/issues/29586
I have a couple of different apps hosted on netlify using google APIs that have broken now because netlify changed their hosting to point to xxx.netlify.app instead of xxx.netlify.com
When I attempt to add the new domain to my oauth client IDs under "Credentials" I get an infinitely hanging wheel of death when I click "save"
I thought that wheel of death is caused by the new URL not being registered for the app, so I went to the settings for my application and tried to add the new domain, but it is failing as well.
I go to OAuth Consent Screen -> Edit App which then has another list of "authorized domain."
In the list, I see my old domain name:
foo.netlify.com
I try to add the new name:
foo.netlify.app
However, that auto-corrects to just plain netlify.app
I try saving that and get the following inscrutable error
Error
The request failed because one of the field of the resource is
invalid.
Tracking Number: c4522674593257747
I don't see any way to read more about the error or to use the tracking number to find out more information.
Any troubleshooting pointers would be appreciated. I'd rather not start over from scratch, but at this point it looks like my best bet would be creating a whole new application and starting the whole credential/API Key process over for all of my apps that were hosted on netlify.
I got the same problem and posted it in the google group. I have a reply from google cloud support which states that only top private domain is allowed as stated here Setting Up OAuth2.0
As the error clearly denotes and explained in this document, you can use any Top Private Domain as an Authorized Domain. So it seems to be the intended behavior.
I suppose that means only the domain owner can get a credential now.
I'm evaluating the FusionAuth server locally on my windows machine and I'm trying to set up a identity provider to a adfs server. I have followed the steps as outlined in the docs.
After I login at the adfs I get a 405 error at the /samlv2/acs page.
I have enabled the debug flag on the provider. However no events show up in the System -> Event log page. Should I be able to see these events there?
Under logs catalogue I see a "fusionauth-search" file but no "fusionauth-app" log. Is the fusion-app log the correct place to debug this problem? What could be the reason why it is missing?
Thanks
This looks to be a bug in FusionAuth version 1.7.3.
As a workaround, modify your relying party configuration to use /oauth2/callback instead of /samlv2/acs.
This has been resolved in version 1.7.4. Thanks!
https://fusionauth.io/docs/v1/tech/release-notes/
We have a code that logins to Sharepoint Online using :
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we starting to get authentication failed saying that "Incorrect Username or Password" and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
While using same username and password to login in the browser works fine, and neither password or username were changed, also code didn't changed. As same code works fine for another Sharepoint tenants. Seems that something changed in the Microsoft login servers, where it's started to not accept user credentials, while web browser login works fine.
Please advise.
Thanks
Microsoft Rep has helped me get this far.
They had us create a "Cloud Only" user. This user was setup as "#" so if your name is bill and your corporate sharepoint site is name is FakeCompany.sharepoint.com then you would have the person as "bill#FakeCompany.onmicrosoft.com"
This user was able to login to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on prem AD users are still having issues, i mentioned this and got the following response.
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution but the creating of a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example.
"Managed" and "Federated"
"Managed" was the easier version and allowed for you to be able to just provide username and credentials in a soap assertion to login.
Federated is a lot more complicated. You need to first perform a post to Microsoft to validate the user hitting your adfs server. https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps but I am getting an error
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
node-sp-auth code refrence is OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.