Keycloak with Azure AD - keycloak

After integrating Keycloak with Azure AD, I can log in successfully according to the Azure logs, but the Keycloak console screen does not open, and after some time it shows an error.

Related

Flutter + Azure : Authentication with AD B2C

I created an Azure AD B2C tenant, added applications to it. After running the application, it allows me to enter username and password, but when I click login it throws an error,
inner exception = null: invalid_resource;AADSTS500011: The resource
principal named api://8e82b4f2-4962-4b66-a6f5-76667400cfed was not
found in the tenant named. This can happen if the application has not
been installed by the administrator of the tenant or consented to by
any user in the tenant. You might have sent your authentication
request to the wrong tenant.
I am using this library: MSAL Mobile Flutter Plugin. I have followed all the steps described by the documentation on the plugin, and on the Azure portal, but end up with that error. And I am logging in with users from the same tenant.
What am I doing wrong?

I can easily reproduce your problem.
For an AAD B2C tenant, it is somewhat different from an AAD tenant. I noticed that the sample you refer to is for AAD. If you use AAD B2C tenants, the scope should be:
https://zhaozhub2c.onmicrosoft.com/0ffde1a6-04d2-440e-87a5-d9fd69dbxxxx/mytest.
Please note that you cannot use client credential flow for Azure B2C because Azure B2C requires user login. I used ROPC flow to test and it works well.

WSO2 IS SAML2.0 Deactivates user after single login

I downloaded WSO2 IS, took care of all the prerequisites and started it using "wso2server.bat --run" command.
It's running and I am able to configure it in the Management Console as an Identity Provider (SAML 2.0). I also added my app as a Service Provider (SAML 2.0). SSO seems to be working - I navigate to my app, it redirects to WSO2 IS where I log in using default admin/admin. I am then redirected to the assertion service in my app where I am authenticating a user. Everything great so far!
The problem is that when I close the browser (using incognito mode) and try to repeat that process and log in to WSO2 IS using the same user (admin/admin) I get this error message:
"Login failed! Please recheck the username and password and try again."
I also get similar message in console:
[2018-02-08 15:57:39,258] ERROR {org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener} - Trying to login from an inactive account of user: admin
How is that possible? It looks like the second I use a given user during the SSO process, that account gets deactivated. I can't even log in to the WSO2 IS Management Console.
I did not change any configuration other than mentioned above.
I would appreciate any help.

Registering a service application in an Azure B2C Active Directory using PowerShell

I'm following this guide to create an application in my Azure B2C active directory.
I have created a new local user called admin#{mytenant}.onmicrosoft.com which is set as a global user. I am using this user to manage my active directory with PowerShell.
It seems that the application (service principal) gets created successfully. There are no errors returned and when I run Get-MsolServicePrincipal the newly created app appears in the list.
However, it is nowhere to be found in the old Azure portal (http://manage.windowsazure.com) nor the new one (http://portal.azure.com). Am I doing something wrong in creating it?

The answer to the question below could be useful for you: Azure AD B2C Connected user change password with Graph AD API
I don't know if it's possible in the old portal.

Using AAD for client auth still requires cert

I've created a new cluster with AAD for client auth using ARM by following the document linked to below. The cluster deployed and my app works fine but my browser is still asking me to select an X.509 certificate when I attempt to use the SF Explorer at: https://mycluster.northcentralus.cloudapp.azure.com:19080/Explorer
I thought when I hooked up Azure AD that the client cert would no longer be needed. Note that I do see that the SF Explorer displays my name in the upper right (with a logout option), indicating to me it's using AAD.
So, what's up with this? Any ideas?
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-cluster-creation-via-arm/

That happens if there's an issue with AAD authentication - the cluster will fall back to certificate authentication.
If SF Explorer isn't re-directing to an AAD login page at all, then double-check that the web application reply URL in the AAD cluster application matches the SF Explorer URL.
If the re-direction is happening and AAD login was successful, then double-check that the AAD cluster application has the expected user roles and that your user has been assigned a role.

Azure mobile service log in credentials

I created an Azure mobile service and published the sample project that the website provides. When I try to visit the service from a browser using my service URL (an example is https://test.azure-mobile.net/help), the service is asking me for credentials. I tried using the Azure credentials but they don't work.
What credentials is it asking for?

You can use the application key or the master key from your mobile service. In the Azure portal, go to your mobile service and in the dashboard select the manage keys option on the bottom of the page. You should use this key as the password, and any value (even empty) for the user name.