Azure-Samples / ms-identity-java-webapp

A Java web application calling Microsoft graph that is secured using the Microsoft identity platform
MIT License

ms-identity-java-webapp failing #70

Closed drudymeyer closed 3 years ago

drudymeyer commented 3 years ago

I am getting the same issue for the two sample applications (spring-security-web-app and msal-java-webapp-sample). I am running on a fresh install of Tomcat (9.0.39) and I have SSL set up on port 8443. I see the initial page and hit login; after signing in to Microsoft I see these in the browser debug Network tab:

404 The requested resource [/secure_page] is not available and 404 GET scheme https, host localhost:8443, filename /msal4jsample/secure/aad

I can see in the Controller logic these requests are mapped. Not sure if I am missing something or have something configured incorrectly. I am using jdk 1.8, eclipse and maven to build war. I am just learning to work with Azure.

Avery-Dunn commented 3 years ago

Hello @drudymeyer : Could you provide a bit more info about this error: what browser are you using, and when it happens are you seeing the sample's error page (should just say something like 'error page!' with a link to the home page), a browser-specific error page, or something else?

I haven't encountered that error before so I'm not sure what could be happening. The closest I can get to the 404 GET error you posted is by commenting out the method in AuthPageController that maps to /msal4jsample/secure/aad, which gets me a 404 error in my setup too (Chrome/Tomcat 9/port 8443/Java 1.8/IntelliJ). Have you made any changes to the sample's code, or is that also fresh from the repo?

Unless you're getting an error message from Azure/Identity/Microsoft (in a screen that looks similar to the login page) I doubt the issue is with the config in the Azure portal, but just in case, double check that the redirect URIs are set up according to the README.

One other thing you can try is to try running one of the other samples to help narrow down where the error might be. For example, the username-password flow sample in the ms-identity-java-desktop repo doesn't need Tomcat or any direct browser interaction, and the device code flow sample has browser interaction that doesn't rely on the sample's files. If you can get either of those samples working, then the issue might be with Tomcat or your browser, and if they also don't work then maybe the issue is in Azure or your environment.

drudymeyer commented 3 years ago

Hello @Avery-Dunn: I did see the "error page!", I am using FF, I hit F12, then the Network tab to see the 404. I will try Chrome and report back. In the meantime I ran both apps you linked above. Both of these give me errors:

    C:\JavaApps\ms-identity-java-desktop-master\Integrated-Windows-Auth-Flow\target>java -jar public-client-integrated-windows-authentication-sample-1.0.0.jar
    Exception in thread "main" java.lang.NullPointerException
        at IntegratedWindowsAuthFlow.setUpSampleData(IntegratedWindowsAuthFlow.java:115)
        at IntegratedWindowsAuthFlow.main(IntegratedWindowsAuthFlow.java:26)

    C:\JavaApps\ms-identity-java-desktop-master\Username-Password-Flow\target>java -jar public-client-username-password-sample-1.0.0.jar
    Exception in thread "main" java.lang.NullPointerException
        at UsernamePasswordFlow.setUpSampleData(UsernamePasswordFlow.java:115)
        at UsernamePasswordFlow.main(UsernamePasswordFlow.java:27)

A note on the Username-Password-Flow/README.me, the jar name is incorrect on line 137.

To confirm the java version:

    C:\JavaApps\ms-identity-java-desktop-master\Integrated-Windows-Auth-Flow\target>java -version
    java version "1.8.0_221"
    Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
    Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)

I don't understand these errors either as the application.properties file is in the root of the jar file.

drudymeyer commented 3 years ago

@Avery-Dunn : following up with test on Chrome. Same behavior.

drudymeyer commented 3 years ago

Hi @Avery-Dunn : could this be a hint why it is failing? When I run IntegratedWindowsAuthFlow from within eclipse after building I see this error:

    ==No accounts in cache
    [ForkJoinPool.commonPool-worker-1] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 2c256d5c-e20f-4ba3-b460-b38c29c37a86] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
    com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache

The same error with a different ID occurs in UsernamePasswordFlow.

Avery-Dunn commented 3 years ago

@drudymeyer : I'm able to reproduce your error: I originally ran the sample directly in IntelliJ and it worked fine, however when I ran it in my separate Tomcat installation I got the same 404 you got. I haven't had that issue before and it's been a while since we've changed anything in the sample, so we're investigating what could be going on.

You said you're using Eclipse, I haven't used that IDE in a while but if there's a way to run the main method of MsalWebSampleApplication I'd suggest giving that a shot (the sample worked for me when I ran it directly in IntelliJ, so maybe it's same for Eclipse).

As for your issues in the other sample: the "token not found in cache" error message is expected, as that sample demonstrates the silent call pattern of "try silent call -> fail -> use another flow", so that's probably not related. However, the first issue you mentioned (the NullPointerException) is caused by the sample using a file loading method that for some reason doesn't find the right path when running as a .jar. I saw that issue in this other sample and I'll make the fix in the actual repo soon, but that sample and that issue are also unrelated to the 404 you're getting in this sample. If you still want to try running either IWA flow or username-password flow samples for fun though, just change the line in setUpSampleData() from

    properties.load(new FileInputStream(Thread.currentThread().getContextClassLoader().getResource("").getPath() + "application.properties"));

to

    properties.load(Thread.currentThread().getContextClassLoader().getResourceAsStream("application.properties"));
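
The loading change described in the comment above, as an added example that is not part of the original thread or of the sample's code. The class name `JarConfigDemo`, the `load` helper and the `SAMPLE_KEY` entry are hypothetical; the program builds a throwaway jar so both lookups can be compared offline.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Properties;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

public class JarConfigDemo {

    // Stream the resource through the class loader: the same call works for
    // an IDE's target/classes directory and for an entry inside a jar.
    static Properties load(ClassLoader cl, String name) throws IOException {
        try (InputStream in = cl.getResourceAsStream(name)) {
            if (in == null) {
                // A named failure instead of a bare NullPointerException.
                throw new IOException(name + " not found on the classpath");
            }
            Properties props = new Properties();
            props.load(in);
            return props;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a jar whose only entry is application.properties.
        Path jar = Files.createTempFile("sample", ".jar");
        jar.toFile().deleteOnExit();
        try (JarOutputStream out = new JarOutputStream(Files.newOutputStream(jar))) {
            out.putNextEntry(new JarEntry("application.properties"));
            out.write("SAMPLE_KEY=constructed-value\n".getBytes(StandardCharsets.UTF_8));
            out.closeEntry();
        }

        // Parent is null so that only the jar is searched.
        try (URLClassLoader cl = new URLClassLoader(new URL[] {jar.toUri().toURL()}, null)) {
            // Original pattern: treat the classpath root as a directory on disk.
            URL root = cl.getResource("");
            if (root == null) {
                System.out.println("getResource(\"\") is null: getPath() would throw NullPointerException");
            } else {
                System.out.println("classpath root resolves to " + root.getPath());
            }

            // Replacement pattern: read the entry as a stream.
            Properties props = load(cl, "application.properties");
            System.out.println("SAMPLE_KEY=" + props.getProperty("SAMPLE_KEY"));
        }
    }
}
```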

drudymeyer commented 3 years ago

@Avery-Dunn : I have successfully run the two samples; msal-web-sample and spring-security-web-app from within eclipse. For the other two samples; Integrated-Windows-Auth-Flow and Username-Password-Flow I made the updates you mentioned and get by the initial Null Pointer Exception but then receive other errors, I understand the first exception is expected but I am not sure about the next one. Here is the output:

    C:\JavaApps\ms-identity-java-desktop-master\Integrated-Windows-Auth-Flow\target>java -jar public-client-integrated-windows-authentication-sample-1.0.0.jar
    ==No accounts in cache
    [ForkJoinPool.commonPool-worker-1] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: a71ffc52-e8d6-452e-942a-aca8ba5713bf] Execution of class com.microsoft.aad.msal4j.AcquireTokenSilentSupplier failed.
    com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
        at com.microsoft.aad.msal4j.AcquireTokenSilentSupplier.execute(AcquireTokenSilentSupplier.java:58)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
        at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
        at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
        at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
        at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
    ==acquireTokenSilently call failed: com.microsoft.aad.msal4j.MsalClientException: Token not found it the cache
    [ForkJoinPool.commonPool-worker-1] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
    [ForkJoinPool.commonPool-worker-1] WARN com.microsoft.aad.msal4j.MexParser - No policies found with the url
    [ForkJoinPool.commonPool-worker-1] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 48cbe0f2-14a6-4583-90bf-676fb4bd3fd8] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
    com.microsoft.aad.msal4j.MsalServiceException: WsTrust endpoint not found in metadata document
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:85)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
        at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
        at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
        at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
        at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
    Exception in thread "main" java.util.concurrent.CompletionException: com.microsoft.aad.msal4j.MsalServiceException: WsTrust endpoint not found in metadata document
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:93)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
        at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
        at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
        at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
        at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
    Caused by: com.microsoft.aad.msal4j.MsalServiceException: WsTrust endpoint not found in metadata document
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:85)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.getAuthorizationGrantIntegrated(AcquireTokenByAuthorizationGrantSupplier.java:126)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:40)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        ... 7 more

Here is the stack trace for the Username-Password-Flow:

    C:\JavaApps\ms-identity-java-desktop-master\Username-Password-Flow\target>java -jar public-client-username-password-sample-1.0.0.jar
    ==No accounts in cache
    ==acquireTokenSilently call failed: com.microsoft.aad.msal4j.MsalClientException: Token not found in the cache
    [ForkJoinPool.commonPool-worker-1] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
    [ForkJoinPool.commonPool-worker-1] INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
    [ForkJoinPool.commonPool-worker-1] ERROR com.microsoft.aad.msal4j.PublicClientApplication - [Correlation ID: 1c4e71be-b386-4b3e-81e6-03f8a578d8e8] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
    java.lang.NullPointerException
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:70)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.processPasswordGrant(AcquireTokenByAuthorizationGrantSupplier.java:98)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:43)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
        at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
        at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
        at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
        at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
    Exception in thread "main" java.util.concurrent.CompletionException: java.lang.NullPointerException
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:89)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)
        at java.util.concurrent.CompletableFuture$AsyncSupply.run(Unknown Source)
        at java.util.concurrent.CompletableFuture$AsyncSupply.exec(Unknown Source)
        at java.util.concurrent.ForkJoinTask.doExec(Unknown Source)
        at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(Unknown Source)
        at java.util.concurrent.ForkJoinPool.runWorker(Unknown Source)
        at java.util.concurrent.ForkJoinWorkerThread.run(Unknown Source)
    Caused by: java.lang.NullPointerException
        at com.microsoft.aad.msal4j.WSTrustResponse.parse(WSTrustResponse.java:74)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:48)
        at com.microsoft.aad.msal4j.WSTrustRequest.execute(WSTrustRequest.java:70)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.processPasswordGrant(AcquireTokenByAuthorizationGrantSupplier.java:98)
        at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:43)
        at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
        ... 7 more


Avery-Dunn commented 3 years ago

@drudymeyer : You were able to run the samples in Eclipse? So there definitely is some issue running these samples in Tomcat, we're looking into it and will update this thread when we're able to investigate it more.

As for the other samples, I've seen that "WsTrust endpoint not found in metadata document" error happen when trying to authenticate with a user that's not in the AD tenant that the app is registered in. For the IWA flow sample you might be trying to authenticate a non-federated user (it doesn't know the active directory the user is in), and for the username-password flow sample the user you're trying to authenticate may not be in the same tenant as the app registration (if you haven't already, try using the username/password of whatever account made the app in Azure. If you are already using that account, there may be something configured incorrectly).

z4f1r0v commented 3 years ago

@Avery-Dunn, I also have a problem with the app. I have followed the README instructions and end up with "Session does not contain principal session name". I honestly do not know where to go from here. Any suggestions?

z4f1r0v commented 3 years ago

Fixed it. It seems like you must follow the instructions regarding https. Otherwise the authentication flow will not be successful. Sorry but that wasn't obvious from the README of the project.

Avery-Dunn commented 3 years ago

@z4f1r0v : Sorry for the delay, but glad to hear you got it working. I agree that part of the instruction could be clearer (it's a part that hasn't been updated for a while), and I'll be updating it when I get the chance/the next time we make changes to the sample.

z4f1r0v commented 3 years ago

I hear you. Should I make a PR to save you time?

Avery-Dunn commented 3 years ago

@z4f1r0v : Thanks for the offer, but I just got the PR written up: https://github.com/Azure-Samples/ms-identity-java-webapp/pull/74. It should make the HTTPS steps more clear as actual steps in the sample, and not just a side note tacked on after the samples started needing HTTPS.

josesanches1 commented 3 years ago

This solution does not work with Eclipse + Tomcat 8.5 and MFA. The best solution is https://github.com/Azure-Samples/ms-identity-java-servlet-webapp-authentication: pure and clean Java, with no dependencies on Spring.