microsoft / azure-spring-boot

Spring Boot Starters for Azure services
MIT License

Enabling Azure Oauth2 login alongside Google login #848

Closed roshanp closed 3 years ago

roshanp commented 4 years ago

Environment

Summary

I am writing a web app that would allow single sign-on from the baseline Spring Security OAuth2 providers: GitHub, Google. In addition, I am adding Azure Active Directory login as well. Both the GitHub and Azure AAD logins work perfectly. However, when I try to log in with Google I get the following stack trace:

com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS50013: Assertion failed signature validation. [Reason - The key was not found.]\r\nTrace ID: 50531205-1535-42e5-b494-cd98827b7f01\r\nCorrelation ID: 79e7fd22-39be-46ac-97d8-f3feaadfeed5\r\nTimestamp: 2020-03-18 15:57:25Z","error":"invalid_grant","error_uri":"https:\/\/login.microsoftonline.com\/error?code=50013"}
        at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:129) ~[adal4j-1.6.4.jar:1.6.4]
        at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:930) ~[adal4j-1.6.4.jar:1.6.4]
        at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70) ~[adal4j-1.6.4.jar:1.6.4]
        at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38) ~[adal4j-1.6.4.jar:1.6.4]
        at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47) ~[adal4j-1.6.4.jar:1.6.4]
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker

Reproduce steps

Run a Spring Boot Security web app and enable Google and Azure login. Here is my application.yaml:

azure:
  activedirectory:
    tenant-id: ...
    active-directory-groups: ...
spring:
  security:
    oauth2:
      client:
        registration:
          github:
            clientId: ...
            clientSecret: ...
          google:
            client-id: ...
            client-secret: ...
          azure:
            client-id: ...
            client-secret: ...

Expected Results

I expected that the Google login would not affect the Azure login.

Actual Results

The Google login fails because it is trying to validate a certificate with Azure... Maybe?
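One way to keep the Azure starter's OIDC user service out of the Google callback, added here as an illustration and not code from the issue or from the azure-spring-boot project: a delegating user service that routes only the `azure` registration from application.yaml to the starter's user service and lets Spring Security's default `OidcUserService` validate every other OIDC provider against that provider's own issuer and keys. It assumes the starter exposes its user service as an injectable bean of type `AADOAuth2UserService` (the 2.x starter class; treat the name and its bean availability as an assumption).

```java
import com.microsoft.azure.spring.autoconfigure.aad.AADOAuth2UserService; // assumed starter class
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

@Configuration
public class MultiProviderSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the starter registers its OIDC user service as a bean. That service
    // performs the Azure-side token exchange, so handing it a Google ID token is what
    // produces AADSTS50013 ("key was not found") at login.microsoftonline.com.
    private final OAuth2UserService<OidcUserRequest, OidcUser> azureUserService;

    public MultiProviderSecurityConfig(AADOAuth2UserService azureUserService) {
        this.azureUserService = azureUserService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated()
            .and().oauth2Login()
                .userInfoEndpoint()
                    // Replaces the starter's blanket OIDC user service with the router below.
                    .oidcUserService(routingOidcUserService());
    }

    /** Routes on the registration id ("azure", "google", ...) from application.yaml. */
    OAuth2UserService<OidcUserRequest, OidcUser> routingOidcUserService() {
        OidcUserService springDefault = new OidcUserService();
        return userRequest -> {
            String registrationId = userRequest.getClientRegistration().getRegistrationId();
            if ("azure".equals(registrationId)) {
                return azureUserService.loadUser(userRequest);
            }
            // Google (and any other OIDC provider): Spring Security has already validated
            // the ID token against that provider's issuer/JWKS, nothing is sent to Azure AD.
            return springDefault.loadUser(userRequest);
        };
    }
}
```

GitHub is a plain OAuth2 (non-OIDC) registration, so it goes through `userInfoEndpoint().userService(...)` and is not affected by this router either way.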

superrdean commented 4 years ago

Hi @roshanp,

Could you help provide the minimal samples for me to reproduce the exceptions?

roshanp commented 4 years ago

Sure! I am attaching the project I built with. You will need to get credentials for the Google/Azure client-id/secrets. Thank you for looking into it! Tell me if there is anything else you need. multi-auth-test.zip

superrdean commented 4 years ago

@roshanp Ok, received, will look into it soon.

nikhilingole commented 4 years ago

I too have been facing a similar issue with AADAppRoleStatelessAuthenticationFilter. Have there been any updates to this? Has any workaround been found?

saragluna commented 4 years ago

@nikhilingole

Does Azure Active Directory B2C fit in your scenario?

nikhilingole commented 4 years ago

@saragluna - No, we are using Azure B2B; the similarity here is in using 2 or more authentication providers. I have raised a different ticket to elaborate on this - https://github.com/microsoft/azure-spring-boot/issues/871

saragluna commented 4 years ago

@nikhilingole Got it.

chenrujun commented 3 years ago

Closing this issue because it has not been active for a long time. If anyone has a similar issue, please create an issue in the new repo: https://github.com/Azure/azure-sdk-for-java/issues