Closed h3rmanj closed 4 years ago
@manoj-rath / @rohitnarula7176 , could you review? Any solutions?
Workaround:
onLoad
to redirect to the prompt=login
site. This bug is fixed in msal js
, or you can use the workaround stated by JonasKs. Closing this as it looks like the problem is solved.
All current authentication work from Microsoft is delivered through the msal js
library here. adal js
is still supported only for security fixes. We recommend moving to msal js
for any advanced feature requests and bugfixes.
I'm submitting a...
Browser:
Library Name
Library version
Library version: 1.0.17
Current behavior
Please note that we are using ADFS. In our environment, each employee can have multiple users in AD, with different permission levels. This means that we would like to disable SSO, and let the user them self log in with the correct user. Disabling SSO and asking for a prompt can be done by adding this to the config:
If the user click Sign on as current user, the user will be signed in as
UserA
(using SSO). However, if the user logs in with another user, such as usernameUserB
, this works and theid_token
returned is correct. When we try to acquire token for an API, SSO seems to take over, and fetchesUserA
'saccess_token
. This does not occur in Firefox, where theaccess_token
is correct, forUserB
.Expected behavior
If signed in as
UserB
, theaccess_token
should also be fromUserB
and notUserA
in Chrome.Minimal reproduction of the problem with instructions
Add this to the config:
Try logging in with another user than your SSO user, then acquire an access token. Check the
access_token
swinaccountname
.