JetBrains / teamcity-azure-active-directory

TeamCity plugin which supports authentication via Microsoft Azure Active Directory
Apache License 2.0

Clicking "Log in using Azure Active Directory" redirects back to Login.html #19

Closed jeffreykey closed 6 years ago

jeffreykey commented 7 years ago

TeamCity v9.1.6 (and 9.1.7)

I believe I've set up TeamCity and Azure AD correctly, but whenever I click the link above, it sends me to login.microsoftonline.com/...., which then redirects back to the login page.

I've set the active logging preset to debug-auth. Here's what I'm seeing in teamcity-auth:

[2016-07-23 16:06:52,541]  DEBUG [8.241.211; http-nio-443-exec-6] - Processing request with no authorization header: GET '/', from client <my ip address>, no associated user 
[2016-07-23 16:06:52,541]  DEBUG [8.241.211; http-nio-443-exec-6] - No scheme was matched 
[2016-07-23 16:06:52,541]  DEBUG [8.241.211; http-nio-443-exec-6] - Creating session {id: 'D6E940C688A1F8B620C36182B635443B'} 
[2016-07-23 16:06:52,542]  DEBUG [8.241.211; http-nio-443-exec-6] - Processing unauthenticated request 
[2016-07-23 16:06:52,542]  DEBUG [8.241.211; http-nio-443-exec-6] - Redirecting to login page 

Any ideas? Is there anything else I can do to try to diagnose what is/isn't happening?

jeffreykey commented 7 years ago

Update: I just (accidentally) tried using Azure Active Directory login while signed into a different Microsoft account. I got an error page @ login.microsoftonline.com, so the request is getting processed correctly on Microsoft's servers. It looks like the issue is when the call gets back to TeamCity.

ghost commented 7 years ago

@jeffreykey try to enable the debug-all preset and look into teamcity-server.log. Search for logs produced by AADAuthenticationScheme.

jeffreyBT commented 6 years ago

I am having this same issue. Has it been resolved?

jonmill commented 6 years ago

I was hitting this problem too; the solution was to remove the 'v2.0' version from the OAuth endpoint. The endpoint that works for me is:

https://login.microsoftonline.com/[tenantId]/oauth2/authorize

dtretyakov commented 6 years ago

The correct OAuth 2.0 authorization endpoint value could be retrieved from the Azure Portal at the App registration page by clicking on the Endpoints button.

@jeffreyBT, what options do you have enabled for the Microsoft Azure Active Directory authentication module? Did you check 'Allow creating new users on the first login' / 'Allow matching users by Email'?

If user details from Azure AD were not matched by e-mail with an existing TeamCity user and new user creation is disabled, then you will be returned back to the /login.html page. Take a look at the description: https://github.com/JetBrains/teamcity-azure-active-directory#how-it-works
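
Added example (not part of the thread and not the plugin's code): a Python check for the endpoint value discussed above. It flags the 'v2.0' form that jonmill reports caused the redirect loop, an unreplaced tenant placeholder, and endpoints that are not the authorize endpoint. The function name and messages are hypothetical, and the sample tenant ID is constructed.

```python
from urllib.parse import urlsplit

# Host used by the endpoint quoted in the thread.
EXPECTED_HOST = "login.microsoftonline.com"


def check_authorize_endpoint(url):
    """Return a list of problems found in a configured authorization endpoint.

    An empty list means the value has the shape reported as working in the
    thread: https://login.microsoftonline.com/<tenant>/oauth2/authorize
    """
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if (parts.hostname or "").lower() != EXPECTED_HOST:
        problems.append("unexpected host: %r" % parts.hostname)
    if parts.query or parts.fragment:
        problems.append("endpoint should not carry a query string or fragment")

    segments = [s for s in parts.path.split("/") if s]
    if not segments:
        return problems + ["path is empty"]

    tenant, rest = segments[0], segments[1:]
    if tenant.startswith(("[", "{", "<")):
        problems.append("tenant placeholder %r was not replaced" % tenant)
    if "v2.0" in rest:
        # Assumption taken from the thread: the v2.0 form led to the login loop.
        problems.append("path contains 'v2.0' (reported in the thread to cause the login loop)")
        rest = [s for s in rest if s != "v2.0"]
    if rest != ["oauth2", "authorize"]:
        problems.append("path after tenant is /%s, expected /oauth2/authorize" % "/".join(rest))
    return problems


if __name__ == "__main__":
    # Constructed sample values; the tenant ID is a placeholder, not a real tenant.
    base = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    for candidate in (base + "/oauth2/authorize", base + "/oauth2/v2.0/authorize"):
        print(candidate, "->", check_authorize_endpoint(candidate) or "OK")
```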