I'm using AzureAD Library for Objective-C (https://github.com/AzureAD/azure-activedirectory-library-for-objc) to connect to ADFS 3.0 on 2012 R2 using the OAuth 2 Authorization Code grant flow.
I'm getting the error:
Error with code: AD_ERROR_DEVELOPER_INVALID_ARGUMENT
Domain: ADAuthenticationErrorDomain ProtocolCode:(null)
Details:The argument 'user principal name' is invalid.
Value:(null).
Inner error details: Error Domain=ADAuthenticationErrorDomain Code=100 "(null)"
We have an android app that is connecting successfully, so I don't think this is the real error.
I'm using v2.6.3 of the library on iOS 11.3, both on an iPhone 6 and on the simulator with the same results.
I'm reproduced the issue using the SampleSwiftApp included with the repo, with no code changes apart from the configuration.
Is v2.6.3 compatible with ADFS v3.0 on 2012 R2?
Can I get it to work with a configuration change?
ADFS v3.0 doesn't support authority validation, so I updated the authentication context constructor from:
let authContext = ADAuthenticationContext(authority: AdalAuthority,
error: nil)
to:
let authContext = ADAuthenticationContext(authority: AdalAuthority,
validateAuthority: false,
error: nil)
to get it to work.
Related
I am new for WSO2 and using for the authentication in iOS app but i am getting authentication error after providing profile and username permission.
Getting "Something went wrong during the authentication process, Please try signing again"
WSO2 server is setup remotely and SSL certification also configured.
Step 1
Step 2
In iOS app I am using AppAuth SDK for authentication. Demo code is working fine with other identity server(Gluu and identity) but getting error with WSO2 identity server.
I am using below method of ADAL iOS library to Acquire access token silently.
acquireTokenSilentWithResource:completionHandler:
But it fails with an error:
ERROR: Error raised: 10. Additional Information: Domain: ADAuthenticationErrorDomain ProtocolCode:(null) Details:The user credentials are need to obtain access token. Please call the non-silent acquireTokenWithResource methods.. ErrorCode: 10.
Any help is appreciated.Tested in both ADAL iOS versions 1.2.1 and 1.2.9.
In order for this method to succeed, there must first be a successful token acquisition. First use: acquireTokenWithResource, the user will be presented with UI for credentials. ADAL will cache the tokens. The subsequent call to acquireTokenSilentWithResource will then succeed (assuming the resource etc. are the same).
I'm creating a Xamarin Forms proof of concept and have hit a bit of a wall with an issue posting to my rest service. The rest service is a Web API 2 Rest service using OAuth Bearer Tokens. I have it running with a valid SSL certificate over https.
I can obtain a token just fine on the device, however, posting with the Bearer token Authorization header causes
System.Net.WebException: cannot parse response.
If I omit the authorization header, the request fails at the server due to authentication. If I include it, the request never goes out to the server (used charles proxy to verify).
The "rest client" is a simple wrapper around HttpClient with ModernHttpClient as a provider, defined in a PCL. The "rest client" works beautiful from a console application. I think I'm seeing an exception from a lower level in iOS related to authentication headers...
This is how I build the HttpClient in the PCL:
Client = new HttpClient(new NativeMessageHandler());
Client.MaxResponseContentBufferSize = 256000;
Client.BaseAddress = new Uri("https://rest-dev.mysub.mydomain.com");
Client.DefaultRequestHeaders.Accept.Clear();
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", Authentication.AuthorizationToken); // Authentication is where I store the token
Then I post the model with:
var strContent = JsonConvert.SerializeObject(model);
var content = new StringContent(strContent, Encoding.UTF8, "application/json");
HttpResponseMessage response = await client.PostAsync($"api/devices", content);
All of this is covered with a test application which uses the same PCL to post to the server.
Not sure it matters, but in case it does, within the Xamarin Forms PCL this is called within a new Command on login (after the token is obtained).
I have the same error whether I run in iOS simulator or on my device.
I found it interesting that when I don't use ModernHttpClient as a provider, I receive a different error when attempting to obtain a token:
"System.Net.WebException: Error: SendFailure (Error writing headers)"
Research on that lead me down the path of setting up a valid SSL.
Any help in the right direction would be greatly appreciated. My google-fu is at a wall.
Update
I think I'm on to the issue, it's related to the SSL certificate. I used Charles Proxy and had it install its certificate to debug the connections and it just started working. Still does not work without using Charles Proxy, though.
This turned out to be an issue with IIS SSL handshaking. My solution here:
https://serverfault.com/a/779895/42134
I had a similar issue because my webserver is set to only use TLS1.2. The SSL handshake worked after adding:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
to the Startup.Auth.cs -> ConfigureAuth method in the WebAPI as well as in the initialization of the client code.
I`m trying to run playground2 example and authorize with WSO2 Identity server 5.0.0 using OAuth2. And when I choose the authorization_code grant type application failed to obtain token since identity server returns 401 error.
But with Identity Server 4.6.0 it works fine.
Authentication parameters is:
grant_type: authorization_code
client_id: XXXXXXX
scope:
callback url: http://localhost:8081/oauth2client
authorize endpoint: https://localhost:9443/oauth2/authorize
Is it a bug of WSO2IS 5.0.0?
Pls obtain the latest playground app from this location.
You call back url seems to be wrong. Please follow the steps given in this document which is explained for Identity Server 5.0.
I've been using Oauth Plugin for LinkedIn authentication with salesforce for a few months now without any issues; today we are seeing this error with no change to our existing code. I verified that the API keys and the scope were correct on the LinkedIn Developer site. Anyone know how to solve this issue?
ERROR:
Failed getting a request token. HTTP Code = 403. Message: Forbidden.
Response Body:
oauth_problem=Scope%20NOT_AUTHORIZED%20%3A%20r_fullprofile%2C%20Scope%20NOT_AUTHORIZED%20%3A%20r_network%2C%20Scope%20NOT_AUTHORIZED%20%3A%20rw_groups%2C%20Scope%20NOT_AUTHORIZED%20%3A%20rw_nus%2C%20Scope%20NOT_AUTHORIZED%20%3A%20w_messages
Endpoint=https://api.linkedin.com/uas/oauth/requestToken?scope=r_fullprofile%20r_emailaddress%20r_network%20r_contactinfo%20rw_nus%20rw_groups%20w_messages, Method=GET]
They have made some changes to the LinkedIn API. Have a look at Developer Program Transition Guide