Closed jaik-s closed 6 months ago
We unfortunately don't provide support or debugging assistance for ADFS - if you're able to find a little more information to determine why the ADFS server is throwing e.g. wrong or missing parameter we can provide guidance to help unblock. I would suggest looking at the network trace to see specifically what is being sent in the POST
@jaik-s This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
3.3.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
3.0.6
Public or Confidential Client?
Public
Description
I've configured MSAL with angular application with ProtocolMode OIDC for ADFS Authentication.
As soon as I open the application, ADFS Authentication will be prompted after with valid credentials I get redirected to application URI but I get loginFailure, POST https://sso9.example.com/adfs/oauth2/token/ 400 (Bad Request) and also ERROR ServerError: invalid_client: undefined - [undefined]: MSIS9622: Client authentication failed. Please verify the credential provided for client authentication is valid. - Correlation ID: undefined - Trace ID: undefined
ADFS is configured with client ID and secret for this application.
Need your assistance to know if I've missed anything
Error Message
No response
MSAL Logs
[webpack-dev-server] Server started: Hot Module Replacement disabled, Live Reloading enabled, Progress disabled, Overlay enabled. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCrypto: modern crypto interface available app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Event callback registered with id: 38f717fe-c95c-4930-b48b-5d345d124378 app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.component.ts:265 [] app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Adding account storage listener. app.component.ts:257 logged user core.mjs:26546 Angular is running in development mode. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - MsalRedirectComponent activated app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - Emitting event: msal:initializeStart app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Emitting event to callback 38f717fe-c95c-4930-b48b-5d345d124378: msal:initializeStart app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Claims-based caching is disabled. Clearing the previous cache with claims app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getTokenKeys - No token keys found core.mjs:26546 Angular is running in development mode. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - Emitting event: msal:initializeEnd app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Emitting event to callback 38f717fe-c95c-4930-b48b-5d345d124378: msal:initializeEnd app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - Emitting event: msal:handleRedirectStart app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Emitting event to callback 38f717fe-c95c-4930-b48b-5d345d124378: msal:handleRedirectStart app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - BroadcastService - msal:handleRedirectStart results in setting inProgress from startup to handleRedirect app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise has been called for the first time, storing the promise app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - initializeServerTelemetryManager called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - getRedirectResponseHash called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Hash contains known properties, returning response hash app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Current page is loginRequestUrl, handling response app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - handleResponse called, retrieved cached request app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Attempting to get cloud discovery metadata from authority configuration app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Found cloud discovery metadata in authority configuration app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Attempting to get endpoint metadata from authority configuration app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - Authority.getEndpointMetadataFromNetwork: attempting to retrieve OAuth endpoints from https://sso9.example.com/adfs/.well-known/openid-configuration app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - Guard - canActivate app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - MSAL Guard activated app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - initialize has already been called, exiting early. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - initialize has already been called, exiting early. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise has been called previously, returning the result from the first call app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - Guard - canActivate app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - MSAL Guard activated app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - initialize has already been called, exiting early. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - initialize has already been called, exiting early. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - handleRedirectPromise has been called previously, returning the result from the first call :3000/#/:1 Refused to apply style from 'https://fonts.googleapis.com/css2?family=Roboto:wght@300;400[_ngcontent-ng-c1050399927];500&display=swap' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled. :3000/#/:1 Refused to apply style from 'https://fonts.googleapis.com/css2?family=Poppins:wght@300;400[_ngcontent-ng-c1050399927];500[_ngcontent-ng-c1050399927];600[_ngcontent-ng-c1050399927];700[_ngcontent-ng-c1050399927];800&display=swap' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled. 8Third-party cookie will be blocked. Learn more in the Issues tab. app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [f15d8bc0-b8fd-469b-8287-893c927d00ec] : msal.js.browser@3.6.0 : Verbose - RedirectHandler.handleCodeResponse called zone.js:1498
(anonymous) @ zone.js:1498 app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - Emitting event: msal:loginFailure app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Emitting event to callback 38f717fe-c95c-4930-b48b-5d345d124378: msal:loginFailure app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Info - Emitting event: msal:handleRedirectEnd app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - Emitting event to callback 38f717fe-c95c-4930-b48b-5d345d124378: msal:handleRedirectEnd app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - BroadcastService - msal:handleRedirectEnd results in setting inProgress from handleRedirect to none app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.component.ts:265 [] app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - getAllAccounts called app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-browser@3.6.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Error - Guard - error while logging in, unable to activate app.module.ts:62 [Thu, 22 Feb 2024 09:49:37 GMT] : [] : @azure/msal-angular@3.0.9 : Verbose - Guard - loginFailedRoute set, redirecting :3000/#/lov:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://fonts.gstatic.com/s/oxygen/v15/2sDfZG1Wl4LcnbuKjk0m.woff2 core.mjs:11483 ERROR ServerError: invalid_client: undefined - [undefined]: MSIS9622: Client authentication failed. Please verify the credential provided for client authentication is valid. - Correlation ID: undefined - Trace ID: undefined at ResponseHandler.validateTokenResponse (ResponseHandler.mjs:89:33) at AuthorizationCodeClient.mjs:70:25 at Generator.next ()
at asyncGeneratorStep (asyncToGenerator.js:3:1)
at _next (asyncToGenerator.js:22:1)
at _ZoneDelegate.invoke (zone.js:368:26)
at Object.onInvoke (core.mjs:11018:33)
at _ZoneDelegate.invoke (zone.js:367:52)
at Zone.run (zone.js:129:43)
at zone.js:1257:36
Network Trace (Preferrably Fiddler)
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
Expected Behavior
The expected behaviour is to have loginSuccess without any other issues and come to home page with logged in user info
Identity Provider
ADFS
Browsers Affected (Select all that apply)
Chrome, Firefox, Edge, Safari
Regression
No response
Source
External (Customer)