7,671 questions
1
vote
0
answers
37
views
Dynamics 365 Omnichannel LCW SSO with AI Agent – botAuthTokenUrl is empty
I am trying to achieve SSO with AI Agent that is triggered via LCW
Manual Authentication has been set up for the AI Agent as described here
https://learn.microsoft.com/en-us/microsoft-copilot-studio/...
- 117
0
votes
0
answers
80
views
Secure Elmah with SSO/AzureAD authentication [closed]
I have a site that uses elmah, that is currently Windows auth, that I am going to be switching over to single sign-on using OIDC.
This site is using .NET Framework.
I want the elmah page (elmah.axd) ...
- 1,374
1
vote
0
answers
61
views
MSAL Migrating to 8.1.0 ,MAM to 12.0.3 Android Native App
please find below details of the issue we are facing, along with the version information of the components used in our Android app.
Issue Description:
We have integrated Intune MAM SDK and MSAL ...
0
votes
0
answers
61
views
SSO Login Error - BrowserAuthError: monitor_window_timeout: Token acquisition in iframe failed due to timeout
I am using .NET and getting the above error. Till yesterday everything was working and all of sudden getting this error today ?
Not sure what is changed?
Also, issue is only with edge browser and FF ...
0
votes
1
answer
36
views
Firefox SSO login shows file picker dialog instead of opening browser on Ubuntu 22.04/24.04
I'm developing a Linux application that opens SSO authentication URLs in the default browser.
On Ubuntu 22.04 and 24.04, when Firefox is the default browser, clicking the SSO link shows a file picker ...
- 5,044
1
vote
0
answers
56
views
ComponentSpace - SSO - ISamlServiceProvider.SamlState is empty during GetLocalSPConfiguration Intermittently
I have recently added Component Space to my .NET 9.0 based web application, to facilitate SSO.
It worked fine for few days, then I faced an issue, where the 'configurationName' is becoming empty for ...
- 11
-1
votes
1
answer
60
views
Is it “standard” to use Keycloak SSO tokens to fetch Google/Microsoft calendar data? [closed]
I’m using Keycloak as my identity provider and I have enabled identity brokering with Google and Microsoft (Azure AD).
My current flow:
User logs in via Google or Microsoft through Keycloak SSO.
In ...
0
votes
0
answers
35
views
Need help to integrate SSO with SAML for one of the applications through Chrome extension
I have one application which supports SSO login by SAML only. I want to create Chrome extension for that and want to give users option to login to that application using SSO from extension in order to ...
-1
votes
0
answers
55
views
Keycloak - deny access if user email not Verified (using External Identity Provider)
I have Keycloak 26 running for user authentication, and I wanted to add federated users, for testing I basically have another Keycloak running somewhere else (let's call it Keycloak 2). So I create my ...
- 462
1
vote
0
answers
71
views
Magento 2 SSO Login: “login_redirect” cookie created on first login, forcing repeated login on checkout
I’m integrating a custom SAML-based SSO module with Magento 2.
The SSO login works, but I’m facing an issue specifically during the first login after the user arrives via SSO
After SSO login, when the ...
- 11
1
vote
1
answer
46
views
Azure AD B2C IdP-initiated SSO : REST TP receives literal {QueryString:...} tokens instead of actual query values
We are building an IdP-initiated SSO flow using Azure AD B2C custom policies, where the journey must:
Read 3 querystring values:
enc_attrs_token, sp, and EntityId
Pass them to a backend REST API via ...
- 13
1
vote
0
answers
127
views
Importing hashed passwords into Keycloak
I want to create a user using a password that has already been hashed (using argon2). This is to validate the user migration process from my application's database to Keycloak.
I went to ...
- 160
0
votes
0
answers
47
views
Sustainsys Saml2 HandledResult = true still sets the cookie
On AcsCommandResultCreated, I want to set my custom cookie. However, I end up with two cookies: one created by the library and another that is mine, even though I set HandledResult = true. How can I ...
- 1,479
0
votes
0
answers
73
views
How to force refresh of AWS SSO loging "refresh"?
I use metaflow with S3. In order to access S3, I need to login with AWS CLI single sign on (aws sso login). The problem is that I have no way to force "refresh" (not sure about correct ...
- 1,559
0
votes
0
answers
71
views
App is not logged out after doing SSO sign out from other apps
I recently worked on a PHP based project and it implemented Keycloak SSO login system.
There are three apps (let's say App-1, App-2, and App-3) that are using the SSO. App-1 also implemented ...
- 1
0
votes
0
answers
212
views
How can I dynamically refresh a JWT token in Airflow with Microsoft SSO using RSA?
I’ve configured Microsoft SSO with Apache Airflow using RSA-based authentication. The setup involves uploading the public key to the Azure App Registration, while Airflow holds the private key to ...
- 19
0
votes
1
answer
92
views
How do x509 certificates work using OpenID Connect SSO authentication?
We decided to involve the OpenID Connect authentication in our project. The identity provider server uses x509 certificates confirmation as an authentication method. So, should we make an additional ...
0
votes
1
answer
92
views
Single Sign On - Laravel Passport
I have multiple Laravel Apps, all with their own user tables and roles tables. I want to implement single sign-on so a user can sign in once and then access all the apps without signing in again. I ...
- 475
0
votes
1
answer
74
views
Azure AD B2C: invalid_grant with JWE key missing when redirecting via SSO pre-login app
[ERR] Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler
Message contains error: 'invalid_grant',
error_description: 'AADB2C90090: The specified kid 'cpimcore_09252015' is not ...
1
vote
0
answers
91
views
How to implement quick account switching in Keycloak without re-authentication?
What I want to achieve
I need to implement a "quick account switching" feature where:
User logs in with Account A ([email protected])
User clicks "Add Account" in my application
...
- 11
0
votes
0
answers
52
views
Unable to acquire new SharePoint Online access token across tenants in Azure AD SSO app (AADSTS50076 MFA error)
We have an Azure AD Single Sign-On (SSO) .NET 8 Core application that transfers documents from one SharePoint tenant to another.
Based on the selected tenant, we retrieve sites, libraries, etc.
We ...
-3
votes
1
answer
102
views
Why do we need password grantype for sso keycloak?
In password grant type password along creds client_id and clients secret we use username/password.
Clien_id/client_secret - it is used for getting access token.
I didn't catch how why we need username/...
- 1,417
-3
votes
1
answer
77
views
AssumeRoleWithWebIdentity - Call AWS DynamoDB from firebase function using IdentityToken
I am getting this error when calling AssumeRoleWithWebIdentityCommand from a firebase function.
Error: {
Type: 'Sender',
Code: 'InvalidIdentityToken',
Message: 'Incorrect token ...
0
votes
0
answers
38
views
SAML attribute for SaaS apps
I am working with Single Sign-On (SSO) using SAML for multiple SaaS applications. Each SaaS provider requires different attribute mappings (for example: email, firstName, lastName, NameID, etc.).
I ...
- 1
0
votes
1
answer
113
views
OIDC django-allauth - kid lookup uses x509 instead of jwk when upgraded to 65.11.0?
We recently upgraded to django-allauth[mfa, socialaccount]==65.11.0 where we are using an OIDC-provider that extends OAuth2Client and we discovered that one of our SocialApplication configs that is ...
- 35
1
vote
2
answers
126
views
Kerberos: Verifying TGS using NodeJS
I'm building a single-sign-on solution where:
A user boots up their Active Directory–joined Windows machine.
My app auto-starts after the Winlogon event.
Since the user already has a TGT from logon, ...
- 51
0
votes
1
answer
64
views
Lavarel Socialite and introspection endpoint. Aka Access Token validation at server side
I'm a bit confused because a lot of articles about Oauth with Mobile App explains the client side but never talk about the server side which needs to verify the validity of the Access Token. As if the ...
- 225
-1
votes
1
answer
73
views
SSO with Shibboleth and Azure on IIS site with 2 bindings
I have a site that hosts some apps on IIS.
It is configured for SSO with shibboleth and azure.
The issue is that i have a new URL now and i want it to work conncurrently with the old one SSO and all
f....
- 41
0
votes
1
answer
220
views
why does one have to execute the aws sso login command when one is Only working with LocalStackCloud on one's work computer? [closed]
Here is the info about the technologies that I'm using:
LocalStack CLI 4.6.0
OS Name Microsoft Windows 11 Enterprise
Docker Desktop 4.43.2 (199162)
aws --version aws-cli/2.17.0 Python/3.11.8 Windows/...
- 1,517
1
vote
0
answers
66
views
Does Entra ID Ciam support SSO for Native Authentication
I'm building a mobile app in React Native with Expo. For my authentication flow I'm using Entra ID Ciam but the docs are say two different things:
These docs say I need to at least have the redirect ...
0
votes
0
answers
90
views
Why with local storage would email be undefined
I'm configuring Entra OIDC for my team and have run into the issue where the company email only populates in my user store with sessionStorage as my cacheLocation, but not with localStorage. I would ...
- 11
0
votes
0
answers
43
views
How to get Keycloak to always store the Broker Context
Keycloak doesn't seem to store broker context in the in the session notes in post login flow.
I am using a custom keycloak SPI to help with user attribute sanitation, in the context of a saml single ...
- 1
1
vote
1
answer
95
views
WSO2 Google Identity federation
I am using wso2 identiy server 5.7.0
I Configured Google Federation by adding clientid and client secret in WSO2IDP also created service provider and deployed pickupdispatch.war as exmample.
After ...
0
votes
1
answer
142
views
MSAL for iOS - how to refresh token
I implemented MSAL-based Enterprise SSO in my application, but I ran into a problem with token renewal. To verify a request to the API, I use idToken, which I receive after authorization. Its lifetime ...
- 467
1
vote
0
answers
425
views
Airflow 3.0.2 + Helm + Keycloak SSO: User role changes from "Admin" to "Viewer" after login
We are using Apache Airflow 3.0.2 with the official Helm chart version 1.17.0, deployed on Kubernetes via Terraform. We're integrating SSO using Keycloak.
Problem
After successful SSO login, users ...
- 642
0
votes
1
answer
213
views
OAuth2 Token Request Fails with "Bearer token missing" – Help Needed (BA Perspective)
I'm a business analyst working on integrating one of our applications with WSO2 Identity Server to enable Single Sign-On (sso) using OAuth 2.0.
While configuring the SSO flow, I used the following ...
-1
votes
1
answer
181
views
OAuth/SSO to Snowflake with Power BI and Airflow
My team is changing all our Power BI and Airflow users' Snowflake connections to use OAuth and SSO. Anyone have experience doing this with these 2 tools?
Far as I can see for Airflow, we register an ...
0
votes
1
answer
48
views
SAML User identification on Service Provider
In certain Identity Providers (IDPs), users can change their email addresses. Therefore, relying on email addresses for user identification on the Service Provider (SP) side is not feasible. When ...
- 1
0
votes
0
answers
90
views
When Cloudflare is enabled, my SSO login does not work between my domain and subdomain
I recently placed my client’s site www.domain.com and its subdomain forums.domain.com under Cloudflare’s protection. In general Cloudflare has been excellent at blocking unnecessary and suspicious ...
- 601
1
vote
0
answers
186
views
phpMyAdmin OIDC Authentication with OAuth2-Proxy causing redirect loop between login and SignonURL page
I'm currently running phpMyAdmin and OAuth2-Proxy in my kubernetes cluster. OIDC authentication is working just fine, I've verified that PMA_USERNAME is being set properly, and I'm being authenticated ...
- 189
0
votes
0
answers
87
views
Firebase Auth deletes the displayName property after first sign in with SAML provider
I use Firebase Authentication with an SAML provider linked to an Azure SSO in a Next.js web app.
Problem : After a user first signs in, the displayName property in Firebase Authentication is set to ...
- 833
1
vote
1
answer
142
views
SSO Issue with Azure AD B2C Using Microsoft Accounts Across Subdomains
I'm setting up SSO behaviors across multiple modules of a web platform using Azure AD B2C Custom Policies as the identity layer. The modules are React apps served from different subdomains under a ...
- 353
1
vote
0
answers
209
views
Apple sign-in with FastAPI returning different state in response
Below is the call to and the callback for my Apple sign-in implementation.
async def login_with_apple(request):
logger.debug(f"Session before Apple login: {request.session}")
...
- 329
1
vote
0
answers
45
views
LinkedIn OpenID Connect – 403 Error: Missing r_emailaddress / r_liteprofile scopes despite configuration
We're implementing a LinkedIn login for our non-profit platform built with MediaWiki. We're using OpenID Connect and following the official Microsoft documentation step-by-step.
However, we encounter ...
0
votes
0
answers
39
views
Is there any way to Implement PingIdentity with Angular's HashRouting?
So, I have an angular web app that our org wants to integrate with PingIdentity and SSO. The 2LDR Problem is, we have HashRouting set on our application, and PingIdentity will not accept an ACL (...
- 640
0
votes
1
answer
1k
views
How to configure open-webui sso with keycloak
I'm trying to set up Single Sign-On (SSO) for Open-WebUI using Keycloak, but I'm encountering some issues. Could someone provide a step-by-step guide on how to properly configure it? Specifically, I'm ...
-3
votes
1
answer
454
views
Bitbucket + SSO requires authentication every time now, how do I get it to remember the details?
I have checked out 10 Bitbucket projects on my old laptop, and used them for years with IntelliJ and Git Bash without having to authenticate when I pull/push etc.
I copied my dev folder to a new ...
- 12.8k
1
vote
1
answer
526
views
In default blazor login template, how do I remake the page to work with MudBlazor and other blazor components
I have the following page for external logins that is based on the default page that comes with blazor template:
@using Microsoft.AspNetCore.Authentication
@using Microsoft.AspNetCore.Http.Extensions
@...
- 832
0
votes
1
answer
173
views
Obtain Azure AD cookies to auto-authenticate users in browser app
I have a WPF desktop application that lets employees open enterprise ticket-management portal from inside the UI.
The portal is protected by Azure AD single-sign-on (OpenID Connect). Ideally, I want ...
0
votes
1
answer
59
views
What to do after SAML assertion is returned to service provider?
my team is building a healthcare React application and we are using Auth0 for authentication. We are required to have SAML integration for healthcare institutions.
I have set up the Assertion Consumer ...
- 433