Skip to content

msal-angular with AD FS 2019 #4301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sglickman opened this issue Dec 3, 2021 · 2 comments
Closed

msal-angular with AD FS 2019 #4301

sglickman opened this issue Dec 3, 2021 · 2 comments
Assignees
@sameerag
Labels
adfs Related to ADFS msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package question Customer is asking for a clarification, use case or information.

Comments

@sglickman
Copy link

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

^2.19.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

^2.0.5

Description

I'm trying to follow the msal-angular-tutorial to create an angular app which authenticates against an on-premise AD FS 2019 server.

I see that this should be supported, per this pull request, but I can't seem to get it working, and am wondering what I'm doing wrong, or if there is any documentation around AD FS 2019 (vs. Azure-managed authentication).

I'm seeing an issue where when I try to log in, it's attempting to hit login.microsoftonline.com which returns a 400 error.

Here's my MsalModule setup code.

    MsalModule.forRoot(new PublicClientApplication({
      auth: {
        clientId: CLIENT_ID, // This is your client ID
        authority: ADFS_2019_ENDPOINT, // This is your tenant ID
        redirectUri: 'http://localhost:4200/' // This is your redirect URI
      },
      cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: isIE, // Set to true for Internet Explorer 11
      }
    }), null, null)

ADFS_2019_ENDPOINT looks like 'https://staging.mydomain.com/adfs'

I would have expected that supplying a URL for the authority field would have overridden any references to login.microsoftonline.com, but am I doing something wrong?

MSAL Configuration

{
  auth: {
    clientId: CLIENT_ID, // This is your client ID
    authority: ADFS_2019_ENDPOINT, // This is your tenant ID
    redirectUri: 'http://localhost:4200/' // This is your redirect URI
  },
  cache: {
    cacheLocation: 'localStorage',
    storeAuthStateInCookie: isIe, // Set to true for Internet Explorer 11
  }
}), null, null)

Relevant Code Snippets

No response

Identity Provider

ADFS

Source

External (Customer)
@sglickman sglickman added the question Customer is asking for a clarification, use case or information. label Dec 3, 2021
@ghost ghost assigned sameerag Dec 3, 2021
@ghost ghost added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Dec 3, 2021
@github-actions github-actions bot added adfs Related to ADFS msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package labels Dec 3, 2021
@sglickman
Copy link
Author

Seeing this error in my browser console:

GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://staging.mydomain.com/adfs/oauth2/v2.0/authorize 400

@sglickman
Copy link
Author

I added a knownAuthorities section and it seems to be working - apologies for the noise but it would be very helpful to have a mention of this on the tutorial page.

@ghost ghost removed the Needs: Attention 👋 Awaiting response from the MSAL.js team label Dec 3, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Dec 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@sameerag sameerag

Labels
adfs Related to ADFS msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sglickman @sameerag