JetBrains / teamcity-azure-active-directory

TeamCity plugin which supports authentication via Microsoft Azure Active Directory
Apache License 2.0

Implicit grant - ID tokens required #43

Open hobpet opened 5 years ago

hobpet commented 5 years ago

Documentation shall be updated to include a note that the ID tokens must be enabled under the Implicit Grant of the Azure AD Application. This setting is under the Authentication tab of the application configuration.

Yamazaki93 commented 2 years ago

I second this. We literally spent hours on this issue alone without any clue what was happening. Nowhere in the documentation is it mentioned that this needs to be done after registration, and it wasn't presented as an option during registration of the application in AAD; maybe Azure changed their UI?

For those who are probably stuck, the symptom for us presented itself as follows (in our setup, we allow creating a new user via AAD and explicitly select the "Login" option under the plugin's setting "Prompt Type"):

  1. The AAD Login page appears after clicking "Login With Azure Active Directory" on TC's login page.
  2. After successfully completing the AAD login, the user gets redirected back to the TC's login page without any message.

We only discovered this after using the browser's developer tool to catch a response that says "id_token not enabled".
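
An offline check for the setting discussed in this issue, added here as an example (it is not code from the plugin or from the commenters): it reads an exported app registration manifest in either the Microsoft Graph format (`web.implicitGrantSettings.enableIdTokenIssuance`) or the older portal manifest format (`oauth2AllowIdTokenImplicitFlow`) and reports whether ID tokens are enabled under Implicit Grant. The sample manifests and the function names `implicit_grant_flags` and `audit` are constructed for illustration.

```python
import json

# Constructed sample manifests (placeholder appId, not from any real tenant).
GRAPH_MANIFEST = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000000",
    "web": {"implicitGrantSettings": {
        "enableIdTokenIssuance": False,      # the state that caused the silent redirect
        "enableAccessTokenIssuance": True,
    }},
})
LEGACY_MANIFEST = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000000",
    "oauth2AllowIdTokenImplicitFlow": True,  # ID tokens
    "oauth2AllowImplicitFlow": False,        # access tokens
})


def implicit_grant_flags(manifest_text):
    """Return (id_token_enabled, access_token_enabled) for either manifest format."""
    manifest = json.loads(manifest_text)
    web = manifest.get("web")
    if isinstance(web, dict) and "implicitGrantSettings" in web:
        settings = web["implicitGrantSettings"] or {}
        return (bool(settings.get("enableIdTokenIssuance")),
                bool(settings.get("enableAccessTokenIssuance")))
    # Older portal manifest: flat boolean properties at the top level.
    return (bool(manifest.get("oauth2AllowIdTokenImplicitFlow")),
            bool(manifest.get("oauth2AllowImplicitFlow")))


def audit(manifest_text):
    """Return a list of findings; an empty list means the manifest matches the issue's advice."""
    id_enabled, access_enabled = implicit_grant_flags(manifest_text)
    findings = []
    if not id_enabled:
        findings.append("ID tokens are not enabled under Implicit Grant "
                        "(Authentication tab); the sign-in will fail with "
                        "'id_token not enabled'.")
    if access_enabled:
        # Least-privilege observation: the issue only asks for ID tokens.
        findings.append("Access tokens are also enabled for implicit grant; "
                        "this issue only calls for ID tokens.")
    return findings


if __name__ == "__main__":
    for name, text in (("graph", GRAPH_MANIFEST), ("legacy", LEGACY_MANIFEST)):
        print(name, audit(text) or "OK")
```
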