Azure-Samples / ms-identity-ciam-javascript-tutorial

CIAM JavaScript samples
MIT License

Unable to perform SSO in react application #64

Open samthrusha123 opened 11 months ago

samthrusha123 commented 11 months ago

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I just cloned your repo and am trying SSO authentication (msal) in a React SPA. I updated my client ID and the respective authority with the tenant ID, but I'm unable to perform SSO. Can you please help? Folder path: ms-identity-ciam-javascript-tutorial-main\1-Authentication\1-sign-in-react\SPA

Any log messages given by the failure


Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

eduardogoncalves commented 11 months ago

Hello @samthrusha123, I encountered the same issue and received the following error:

Received error AADSTS131010: User not permitted due to policy conditions.
Trace ID: eb83ec73-7b33-440f-93a1-946cb8420200
Correlation ID: 1f05d52b-0a83-4c9d-8963-059c414d5106

However, I found that logging in from a new private window resolved the issue.

I utilized the configure script for setup with the command: .\Configure.ps1 -TenantId xxxxx-xxxxx-xxxxx-xxxxxx

Additionally, I followed the manual steps outlined here: [image]

Let me know if you managed to make it work.

dmitrifaleev commented 11 months ago

Same issue in an ASP.NET web app: the first sign-up/sign-in ends in this exception page. Sign-in logs show Interrupted (KMSI) and Success with no Conditional Access applied. A new window resolves it, but it can't be used in prod if the first-time sign-up causes this.

gcrockenberg commented 10 months ago

Experiencing same issue with sample app "2-sign-in-angular".

Error: ServerError: invalid_grant: 131010 - [2023-12-03 17:15:59Z]: AADSTS131010: User not allowed by policy conditions.

The Entra login experience appeared to complete successfully but msal revealed the login failure event in the console logs. The User was created in Entra. No error in the server side Sign-in Log. I was using Edge in private mode.

From the info provided by others above, I was able to log in after opening another browser window (not private), but first I received an Entra login error in the UI. I selected "try another account" and entered the same account that was failing. That login worked in Entra and with msal.

I have a working AADB2C solution but am trying to experiment with Entra.

KasperiP commented 6 months ago

I am still having this exact same issue. Did anyone find a working solution?

As mentioned previously, the account is created, but the first sign-up attempt fails. Subsequently, if you open a private tab and attempt to sign in, it works. However, the error during sign-up is problematic, especially when considering production.

EDIT: I got the following response from Azure support:

Upon receiving the response from our internal team, we have been indicated that this is a known issue which is being worked on by our PG Team. The fix for this issue is already underway with an ETA for April 19th.