SSO with custom application

  • Question

  • 

    I configured both AAD and the custom application to enable SSO by following the provided resources. Everything seemed to work, but I got the errors below at login:

    Sign In
    Sorry, but we’re having trouble signing you in.
    We received a bad request.

    Additional technical information:

    Correlation ID: 80b7bb9b-65ed-4e0d-8159-dfbf9b83679e

    Timestamp: 2015-10-08 08:07:28Z

    AADSTS70001: Application with identifier 'XXX.jp' was not found in the directory ''-b900-47d9-9dfc-ca4ed09f0b7c

    Thursday, October 8, 2015 9:23 AM

All replies

  • Hi,

    Are you trying to get AAD authentication to work with an ASP.NET MVC app? It looks like something isn't configured right.

    Have a look at the guide below. This explains in detail the steps you need to take to get this to work for an ASP.NET MVC application. https://azure.microsoft.com/nl-nl/documentation/articles/web-sites-dotnet-lob-application-azure-ad/

    Hope this helps you identify incorrect configuration settings...

    Edward 

    Thursday, October 8, 2015 9:42 AM
  • Hi,

    The custom application is not ASP.NET MVC; it's a cloud service (like Zoho Mail).

    SAML Authentication does not work well.

    Otherwise, registered applications (Yahoo, Zoho Mail and so on) work well.

    https://github.com/Azure/azure-content/blob/master/articles/active-directory/active-directory-saas-zoho-mail-tutorial.md

    http://blogs.technet.com/b/ad/archive/2014/09/03/50-saas-apps-now-support-federation-with-azure-ad.aspx

    Thanks,

    Takanori

    Friday, October 9, 2015 3:42 AM
  • Greetings, Takanori!

    The above might be occurring due to a wrong sequence of actions. When creating a custom application that needs to access an AAD tenant via Graph API, you need to grant permissions to the App in the configuration page of the App, or through PowerShell.

    Ensure you grant the permissions BEFORE you create the Client Secret (keys) because otherwise, your key won't contain the security information.

    Please verify that the operations are in the right order. The keys hold the security information. Similarly, if you revoke some security settings at Application level, it won't affect the previously created keys so make sure to revoke them as well if needed.

    Reference: http://blogs.technet.com/b/ad/archive/2015/06/17/bring-your-own-app-with-azure-ad-self-service-saml-configuration-gt-now-in-preview.aspx

    Thank you,

    Arvind

    Friday, October 9, 2015 10:42 PM
  • Could you provide more information? How did you configure SSO?

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    My Books: | Windows Server Security | Windows Server 2012

    This posting is provided AS IS with no warranties, and confers no rights.

    Sunday, October 11, 2015 12:54 AM
  • Any update? Let us know if you have any additional questions.

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com

    Tuesday, October 20, 2015 3:29 PM