Azure SSO redirects 10-15 times and then throws error


I am having an issue with a server (let's call it X) with Azure SSO authentication.

What happens is:

  1. I enter the website address in Chrome and it redirects me to login.microsoftonline.com and asks me for credentials.
  2. After I enter the credentials it redirects a few times (the page refreshes) and after that I get this error.

The user that I am using to log in has the rights to the app created in Azure AD.

I tried the same code on my local machine in debug mode and it works perfectly. I also tried deploying on another server (let's call this one Y) and there everything also works as expected.

Any idea what's wrong with server X?

I am using OpenID Connect authentication in a .NET MVC app.

// Usings this snippet needs (Katana OWIN middleware with the Microsoft.IdentityModel OpenIdConnect types):
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// ClientIdSso, AuthoritySso, RedirectUriSso and WriteToFile are defined elsewhere in the app (not shown here).
public void ConfigureSsoAuth(IAppBuilder app)
{
    // Local cookie that holds the signed-in session once the OIDC round trip succeeds.
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    });

    _ = app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = ClientIdSso,
        Authority = AuthoritySso,
        PostLogoutRedirectUri = RedirectUriSso,
        RedirectUri = RedirectUriSso,
        // Hybrid flow: the IdP posts back both an authorization code and an id_token.
        ResponseType = OpenIdConnectResponseType.CodeIdToken,
        Scope = OpenIdConnectScope.OpenIdProfile,
        SignInAsAuthenticationType = "Cookies",
        // Active mode: unauthenticated requests are redirected to the IdP automatically.
        AuthenticationMode = AuthenticationMode.Active,
        ProtocolValidator = new OpenIdConnectProtocolValidator
        {
            // Skips the check that the returned state matches the state this app sent.
            RequireStateValidation = false
        },

        // Each callback only logs which stage of the flow was reached.
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = (context) =>
            {
                WriteToFile("1 - RedirectToIdentityProvider");
                return Task.FromResult(0);
            },
            MessageReceived = (context) =>
            {
                WriteToFile("2 - MessageReceived");
                return Task.FromResult(0);
            },
            SecurityTokenReceived = (context) =>
            {
                WriteToFile("3 - SecurityTokenReceived");
                return Task.FromResult(0);
            },
            SecurityTokenValidated = (context) =>
            {
                WriteToFile("4 - SecurityTokenValidated");
                return Task.FromResult(0);
            },
            AuthorizationCodeReceived = (context) =>
            {
                WriteToFile("5 - AuthorizationCodeReceived");
                return Task.FromResult(0);
            },
            AuthenticationFailed = (context) =>
            {
                WriteToFile("6 - AuthenticationFailed");
                return Task.FromResult(0);
            },
        }

    });
}

I also tried writing the notification callbacks to a file, and on server X I only get:

1 - RedirectToIdentityProvider
1 - RedirectToIdentityProvider
1 - RedirectToIdentityProvider
1 - RedirectToIdentityProvider
...

On the other hand, using the same code (changing the redirect URI, of course), when I test on my local machine in debug mode or on server Y I get:

1 - RedirectToIdentityProvider
2 - MessageReceived
3 - SecurityTokenReceived
4 - SecurityTokenValidated
5 - AuthorizationCodeReceived
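The callback log above shows the shape of the problem: RedirectToIdentityProvider fires again and again and MessageReceived never does, so the middleware sends the user to the IdP without ever seeing a response it is willing to process. The following is an added example, not the asker's code and not from the Katana project, of the same OWIN setup instrumented so that a loop like this fails closed after a few redirects with a diagnostic, and so that the log records whether the nonce cookie came back and what AuthenticationFailed actually complained about. It also leaves RequireStateValidation on (the posted config turns it off), because the state parameter is what binds the IdP's response to the request this app started. Names such as SsoStartupWithLoopGuard, Log, ReadCounter, the sso.redirectCount cookie and MaxRedirects are hypothetical; the CookieManager = new SystemWebCookieManager() setting is Katana's Microsoft.Owin.Host.SystemWeb cookie manager, included here as a general hardening for the nonce cookie and not as a diagnosis of server X.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public static class SsoStartupWithLoopGuard
{
    // Constructed cookie name and limit for the loop guard (not from the original post).
    private const string LoopCounterCookie = "sso.redirectCount";
    private const int MaxRedirects = 3;

    // Hypothetical logging sink standing in for the asker's WriteToFile helper.
    private static void Log(string line) => System.Diagnostics.Trace.WriteLine(line);

    public static void ConfigureSsoAuth(IAppBuilder app, string clientId, string authority, string redirectUri)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = "Cookies" });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            Scope = OpenIdConnectScope.OpenIdProfile,
            SignInAsAuthenticationType = "Cookies",

            // Keep state and nonce checks on: state ties the IdP response to the request this
            // app sent, nonce ties the id_token to that same request.
            ProtocolValidator = new OpenIdConnectProtocolValidator
            {
                RequireStateValidation = true,
                RequireNonce = true
            },

            // Write Katana's cookies through System.Web so the nonce cookie set during the
            // redirect is not lost when System.Web also modifies the response cookies.
            CookieManager = new SystemWebCookieManager(),

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = ctx =>
                {
                    // Sign-out redirects also pass through here; only count sign-in requests.
                    if (ctx.ProtocolMessage.RequestType != OpenIdConnectRequestType.Authentication)
                        return Task.FromResult(0);

                    int count = ReadCounter(ctx.Request);
                    Log("RedirectToIdentityProvider #" + (count + 1) + " for " + ctx.Request.Path);

                    if (count >= MaxRedirects)
                    {
                        // Fail closed with a diagnostic instead of bouncing the user to the IdP again.
                        ctx.Response.StatusCode = 500;
                        ctx.Response.ContentType = "text/plain";
                        ctx.Response.Write("Sign-in loop: " + count + " redirects without a response reaching the app. " +
                                           "Check that the OpenIdConnect.nonce cookie survives the round trip.");
                        ctx.HandleResponse();
                        return Task.FromResult(0);
                    }

                    ctx.Response.Cookies.Append(LoopCounterCookie, (count + 1).ToString(), new CookieOptions
                    {
                        HttpOnly = true,
                        Secure = true,
                        Expires = DateTime.UtcNow.AddMinutes(5)
                    });
                    return Task.FromResult(0);
                },

                MessageReceived = ctx =>
                {
                    // The IdP answered, so the loop guard resets. Record whether a nonce cookie
                    // arrived with the form_post; without one the nonce check fails next.
                    ctx.Response.Cookies.Delete(LoopCounterCookie);
                    int nonceCookies = ctx.Request.Cookies.Count(c =>
                        c.Key.StartsWith(OpenIdConnectAuthenticationDefaults.CookiePrefix + "nonce.", StringComparison.Ordinal));
                    Log("MessageReceived: nonce cookies present = " + nonceCookies);
                    return Task.FromResult(0);
                },

                AuthenticationFailed = ctx =>
                {
                    // Surface the real cause (nonce/state mismatch, signature, audience...) in the log.
                    Log("AuthenticationFailed: " + ctx.Exception.GetType().Name + ": " + ctx.Exception.Message);
                    return Task.FromResult(0);
                }
            }
        });
    }

    // Reads the loop counter cookie; a missing or malformed cookie counts as zero redirects.
    private static int ReadCounter(IOwinRequest request)
    {
        int count;
        return int.TryParse(request.Cookies[LoopCounterCookie], out count) ? count : 0;
    }
}
```

Wire it from Startup with `SsoStartupWithLoopGuard.ConfigureSsoAuth(app, ClientIdSso, AuthoritySso, RedirectUriSso)`. With this in place a misbehaving server stops after MaxRedirects sign-in redirects and the log shows either a MessageReceived line with the nonce cookie count or an AuthenticationFailed line with the exception type, which narrows the problem to the cookie round trip or to token validation rather than leaving only a wall of RedirectToIdentityProvider entries.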
2 Replies
Are you trying to log in to the application from the same server (server X)? If yes, it might be an issue with the browser as well; also, you might have multiple AAD tenants on the same accounts. I suggest clearing the browser cache, also clearing all sessions/logging out on server X and trying to log in to the application again.

@lakshmikanthki I tried that already. I tried to connect from server X and from another server/my workstation. I don't think it's a browser or AAD tenant issue, because when I place the exact same code on server Y and try to connect to that one, it works like a charm (it doesn't matter if I clear the browser cache or not, and I can connect from server X, Y or my workstation).