I am trying to have Azure federation in one of my MVC application, but ending up having this error
Sorry, but we're having trouble signing you in.
Account 'soandso#microsoft.com' is not configured to sign-in to this application.
Sign-out and sign-in with another account.
Additional technical information:
Trace ID: b94e380f-8234-4221-a59d-6efb5e644c83
Timestamp: 2014-06-25 08:35:00Z
ACS50001: ACS50001: Relying party with identifier 'http://testsmb.azurewebsites.net/testsmb' was not found
Not sure where I am doing wrong. Any help would be highly appreciated. I tried doing googling but nothing helps.
Vinod
Did you try running the browser in in-private mode? It looks like you are signing in automatically to the microsoft.com directory, whereas you want to use a test directory for your development.
Azure AD does not issue a token to an application if the application hasn't been installed in the directory. The installation of the application can happen in two modes: Administrator consent and User only consent. With administrator consent, the application can sign-in any user in the organization, however with user only consent, the application can sign-in only that specific user. This help topic (msdn.microsoft.com/en-us/library/azure/dn151789.aspx) explains how to get consent in the 'Add Sign-Up Capabilities to the Application' section.
Related
I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Background
I'm developing an Office Add-in for Outlook. I'm using Auth0 for authenticating users before the client can access my API. So far I'm only allowing users to log in using the username / password connection (no social login).
I'm having an issue with users having to log in quite often.
What I've tried
I've tried to following approaches and failed:
Refresh tokens - not allowed due to the browser context
Silent auth - seems like it's not working that well (sessions are terminated frequently)
Questions
Why does the session terminate so frequently (disabling silent auth)?
What decides if the session is terminated at all?
Would it help to use Microsoft social login?
I'm happy to read any relevant material - I'm just not sure where to look. So please reference any material that can be helpful.
If Azure active directory is your Auth provider/ gating access to your API and the user is an O365 user then you can use Single Sign on for office. The capability is currently in preview and will be released soon.
https://learn.microsoft.com/en-us/outlook/add-ins/implement-sso-in-outlook-add-in
You still need to implement oAuth flow if your add-in is going to be used on outlook mobile or exchange on-prem. In that case after the user complete the oatuh flow. You need to keep a mapping of the exchange identity token and access/ refresh token on your end.
The article linked above explains that as well.
I have a simple question that I can't solve with the resources about moodle and LTI.
I want my users to login into their App with moodle credentials (as often done with e.g. "login via facebook") - is my app the consumer or the provider?
I first thought the app is the provider but some points make me question that:
No, I do not want to start the app from within moodle.
No, I also do not want to embedd my app content in moodle.
I just want the users registered in moodle login to an app with their moodle username and password
All content I found on LTI provider assumed the opposite of point 1 and 2.
However, I also found that moodle can be a provider itself. It has been shown to be embedded in an external application. But in my understanding, the consumer is responsible for authenticating the login (which is opposite to point 3).
Am I missing something, that makes it so hard to see the soution here?
I found Atomic Jolt's try_oauth repo will do exact what you want. It also has an excellent code along video which explains the workflow really well.
You navigate to the app and it opens up a Canvas authentication page and grabs the users credentials.
https://github.com/atomicjolt/try_oauth
Hope that help.s
There is a plugin for moodle which makes it a oauth2 provider. You could use that to allow authentication in your app with moodle credentials.
https://github.com/projectestac/moodle-local_oauth
Is it possible to achieve Azure Active Directory authentication without going to browser window? I will have username and password via the mobile app login interface.
I need to achieve below scenario:
Use open mobile application (ios/android)
Enter Azure AD username and password to app login screen - e.g. user#tenant.onmicrosoft.com & password
I pass those information to .net web service - which need to call some Azure AD api to validate user credential before proceed to perform other business logic/make database calls
Any recommendation? I DON'T want user to redirect to any login window/page as this will not be good user experience.
I have already checked few different articles but not satisfactory response yet.
Thank you for your time.
I believe below link is helpful.
http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/
I really like Trello's login style-- after i'm logged into Gmail, calendars, anything, i'm automatically logged in when i get to their site.
What i can't find is a complete example of how to go about this sort of "automatic login"-- in any language. While i'd prefer something in .NET, I'm open to whatever.
Any help on resources that detail how to go about this?
They are not using OAuth system rather than they are using OpenID protocol and once you approve the authentication as per this you will again not asked to approve it again.
More over for the first time when you go there it present a check-box to remember the approval
What you looking is similar to what SO is providing, once you have register with SO anytime you to google login page and if you are logged in you will automatically get logged in a part of OpenID
for .net here is the one SO itself using
DotNetOpenAuth