Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials

Hi i want to implement the Office365 SSO login. I've created an account and following now this documentation: https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx

I'm at the point where i got the code and now want to implement "Use the Authorization Code to Request an Access Token"

But i get an error: AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials.

Here is an detailed log of my call:

http-bio-8080-exec-10 29/06/2015 14:45:37,496 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "POST /common/oauth2/token HTTP/1.1[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,496 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Content-Length: 810[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,497 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,497 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Host: login.microsoftonline.com[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,498 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Connection: Keep-Alive[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,499 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "User-Agent: Apache-HttpClient/4.3.5 (java 1.5)[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,499 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "Accept-Encoding: gzip,deflate[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,500 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,501 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 >> "client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2FXXXXXXXXX%2FREST%2FUser%2Foffice&client_secret=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&code=XXXXXXXXXXXXXXXXXXX&grant_type=authorization_code"
http-bio-8080-exec-10 29/06/2015 14:45:37,570 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "H"
http-bio-8080-exec-10 29/06/2015 14:45:37,571 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "TTP/1.1 400 Bad Request[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,572 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Cache-Control: no-cache, no-store[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,572 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Pragma: no-cache[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,573 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Content-Type: application/json; charset=utf-8[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,573 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Expires: -1[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,574 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Server: Microsoft-IIS/8.5[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,575 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "x-ms-request-id: c7702631-895c-4c6c-bad1-691ced9259f5[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,575 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "x-ms-gateway-service-instanceid: ESTSFE_IN_3[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,576 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "X-Content-Type-Options: nosniff[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,576 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,577 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,578 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: flight-uxoptin=true; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,578 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,579 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,580 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "X-Powered-By: ASP.NET[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,580 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Date: Mon, 29 Jun 2015 12:45:48 GMT[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,581 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "Content-Length: 501[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,581 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "[\r][\n]"
http-bio-8080-exec-10 29/06/2015 14:45:37,582 | DEBUG | org.apache.http.wire | wire | http-outgoing-3 << "{"error":"invalid_request","error_description":"AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials.\r\nTrace ID: c7702631-895c-4c6c-bad1-691ced9259f5\r\nCorrelation ID: bd641f9d-9982-4808-b7ba-95d3dc0ba8d9\r\nTimestamp: 2015-06-29 12:45:49Z","error_codes":[90019],"timestamp":"2015-06-29 12:45:49Z","trace_id":"c7702631-895c-4c6c-bad1-691ced9259f5","correlation_id":"bd641f9d-9982-4808-b7ba-95d3dc0ba8d9","submit_url":null,"context":null}"

This is how i configured the APP

enter image description here

like image 697
wutzebaer Avatar asked Jun 30 '15 07:06

wutzebaer


1 Answers

The account used in your case is a Microsoft Account and not an Organizational Account / AAD Account. Unfortunately, Microsoft Accounts do not work at the common endpoint. If the Microsoft Account is a guest in an Azure AD tenant, then you can put that tenant name in the authority endpoint, in place of 'common', and that should work. Obviously you must know the tenant you want ahead of time.

You can run in to a similar issue when using an Organizational Account. If the Organizational Account is a guest in another tenant, or multiple tenants, then you must specify the specific tenant that you want the token issued by.

like image 100
Rich Randall Avatar answered Nov 02 '22 09:11

Rich Randall