State on URL is too long for Azure AD #407
Comments
For anyone else finding this issue, I found the resolution from another user's fork of the repository. Basically, you need to cache the state, and provide a different State Format. In Startup.cs do this:
then in OpenIdConnectOptions set the property here is the code for the CachedPropertiesDataFormat class namespace QuickstartIdentityServer.Authentication
}` |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
When using Azure AD as a federated provider, the state querystring is too long to return with the claims. It does seem to be an issue more on Azure's side, but is there an easy way to make the state shorter? this is the config I'm using in Startup.cs on the IdentityServer in QuickStart4_ExternalAuthentication. Google works fine, but adding this for Azure AD fails:
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions { DisplayName = "Azure AD", SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme, SignOutScheme = IdentityServerConstants.SignoutScheme, ClientId = "XXXXXXXXXXXXXXXXXXXXXXXXXXX", ClientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXX", Authority = string.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}{1}", "common", "/v2.0"), ResponseType = OpenIdConnectResponseType.IdToken, PostLogoutRedirectUri = "https://localhost:44326/", Events = new OpenIdConnectEvents { OnRemoteFailure = OnAuthenticationFailed, } });
the same config works fine in a plain MVC app. Also, if I remove the state from the URL, Azure AD finishes the auth and redirects me back without issue. But of course IdentityServer can't process it without a state parameter.
The text was updated successfully, but these errors were encountered: