Comments (2)
I figured this out after some calls with Microsoft and working with one of our Azure Global Admins:
After SSO is setup, the application needs to be ‘trusted’ by an Azure AD Global Admin, if all internal users will use the application as an authenticated user. Otherwise, each of your users will need to choose to trust the application on first use. The Global Admin can setup trust on behalf of all users by executing a special URL for your application:
Sample URL deconstructed:
https://login.windows.net/common/oauth2/authorize?response_type=code&resource=https%3A%2F%2Fgraph.windows.net&
This part logs into Azure and sets the stage for asking for access to graph.windows.net (AKA Graph API/Azure AD)
client_id=########-####-####-####-############&
This part is the client ID setup in the Azure Active Directory ‘Applications’ configuration, unique to each app we register to Azure AD.
prompt=admin_consent&
This part prompts the Azure AD Admin to grant, on behalf of all users, permission to read the user profile from Azure AD
redirect_uri=https%3A%2F%2F[WWW.YOURDOMAIN.COM]%2Fwp-login.php
This is the URI to which Azure AD will redirect the user-agent in response to an OAuth 2.0 request.
from aad-sso-wordpress.
I'm actually going to re-open the issue as a bug, since we really do need to provide better guidance on the option to provide admin consent to the app. Thanks for bringing it up!
from aad-sso-wordpress.
Related Issues (20)
- Error when signing in - "Session does not contain antiforgery ID." #200 HOT 8
- User token? HOT 2
- Wrong redirect URL HOT 4
- One user unable to auth to WordPress HOT 1
- Is this repository active? HOT 2
- Support for OAuth2 Authorization Code Flow HOT 3
- Implement support for PKCE
- Retirement of basic authentication HOT 2
- Session does not contain antiforgery ID HOT 1
- PHP 8.1: PHP Deprecated: Implicit conversion from float 9615.9 to int loses precision HOT 2
- Slowing down site HOT 3
- I get Session does not contain antiforgery ID when logging in HOT 2
- No request found for this application. HOT 1
- You do not have permission to view this directory or page. HOT 8
- Too many redirect URL error HOT 2
- Getting error "Session does not contain antiforgery ID" HOT 5
- How to refresh Access Token? HOT 1
- Fetching Azure Userdata HOT 3
- Deprecation notice in PHP 8.1/8.2 HOT 7
- Fixes in README
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aad-sso-wordpress.