Universal login suddenly failing for Azure AD

mattilaj · May 31, 2018, 12:11pm

Hi,

I have been using Auth0 legacy plan to allow single-sign-on from our company email addresses. Our old version is running self-hosted Lock 10 and the new version is running Auth0 hosted Lock 11 (universal login with customizations). I’m upgrading to Universal login due to the deprecations planned for July. There are four people who have been logging in this way but starting today (2018-05-31), we cannot login to our application anymore. Both the self-hosted Lock 10 and Universal login Lock 11 versions are affected.

From the Auth0 logs I see this error:

    `Occurred  an hour agoat 2018-05-31 11:20:51.917 UTC
    Type  Failed Login
    Description Manual OpenID configuration is missing required parameter(s) - issuer
    Connection  mycompany-waad
    Application 
    User  
    Raw
    Context Data
    {
      "date": "2018-05-31T11:20:51.917Z",
      "type": "f",
      "description": "Manual OpenID configuration is missing required parameter(s) - issuer",
      "connection": "mycompany-waad",
      "connection_id": "",
      "ip": "62.71.214.240",
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36",
      "details": {
        "body": {},
        "qs": {
          "client_id": "MfZCfvsgwmfIbepl3I2BHB1GhkCak1cu",
          "response_type": "code",
          "redirect_uri": "https://demo.myproduct.com/signin-auth0",
          "state": "yaxUIXieOZAITBcIyo3Ykdul8DoRjSji",
          "connection": "mycompany-waad",
          "login_hint": "jussi.mattila@mycompany.com",
          "sso": "false",
          "_intstate": "deprecated",
          "_csrf": "BIPFNOuX-f8vE4x5f_0y2F-Itbv35c6yooj8",
          "audience": "https://myproduct-dev-eu.eu.auth0.com/userinfo",
          "scope": "openid email profile",
          "protocol": "oauth2",
          "language": "en",
          "login_message": "null",
          "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS42LjAiLCJsaWJfdmVyc2lvbiI6IjkuNS4wIn0="
        },
        "connection": "mycompany-waad",
        "error": {
          "message": "Manual OpenID configuration is missing required parameter(s) - issuer",
          "oauthError": "access_denied",
          "type": "oauth-authorization"
        }
      },
      "hostname": "myproduct-dev-eu.eu.auth0.com",
      "log_id": "90020180531112051918654852950845704913440016737390034994"
    }`

Can you explain what is it that I’m doing wrong? Since updating to Lock 11, I’ve not seen deprecation warnings in the logs. I have not modified the application or Auth0 configuration, but things are still broken as of today. What is going on and how can I get login working again?

Regards,

Jussi

mattilaj · May 31, 2018, 12:12pm

Sorry about the formatting. The error is:

"description": "Manual OpenID configuration is missing required parameter(s) - issuer"

And the whole error log looks like this:

Occurred  an hour agoat 2018-05-31 11:20:51.917 UTC
Type  Failed Login
Description Manual OpenID configuration is missing required parameter(s) - issuer
Connection  mycompany-waad
Application 
User  
Raw
Context Data
{
  "date": "2018-05-31T11:20:51.917Z",
  "type": "f",
  "description": "Manual OpenID configuration is missing required parameter(s) - issuer",
  "connection": "mycompany-waad",
  "connection_id": "",
  "ip": "62.71.214.240",
  "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36",
  "details": {
    "body": {},
    "qs": {
      "client_id": "MfZCfvsgwmfIbepl3I2BHB1GhkCak1cu",
      "response_type": "code",
      "redirect_uri": "https://demo.myproduct.com/signin-auth0",
      "state": "yaxUIXieOZAITBcIyo3Ykdul8DoRjSji",
      "connection": "mycompany-waad",
      "login_hint": "jussi.mattila@mycompany.com",
      "sso": "false",
      "_intstate": "deprecated",
      "_csrf": "BIPFNOuX-f8vE4x5f_0y2F-Itbv35c6yooj8",
      "audience": "https://myproduct-dev-eu.eu.auth0.com/userinfo",
      "scope": "openid email profile",
      "protocol": "oauth2",
      "language": "en",
      "login_message": "null",
      "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS42LjAiLCJsaWJfdmVyc2lvbiI6IjkuNS4wIn0="
    },
    "connection": "mycompany-waad",
    "error": {
      "message": "Manual OpenID configuration is missing required parameter(s) - issuer",
      "oauthError": "access_denied",
      "type": "oauth-authorization"
    }
  },
  "hostname": "myproduct-dev-eu.eu.auth0.com",
  "log_id": "90020180531112051918654852950845704913440016737390034994"
}

mattilaj · May 31, 2018, 12:22pm

Hmm, okay, good. Things are back to normal and everything is working again!

But can someone explain what happened and is there something I should do to prevent this from happening again?

Best regards,

Jussi

jerdog · June 1, 2018, 1:04pm

Sorry for the delay here. So through a housekeeping review of our integrations, we updated some of them which introduced an issue when verifying id_tokens in the openidc integration with Azure ID. This only affected preview environments and the change was reverted.

mattilaj · June 4, 2018, 11:39am

Ok, good to know, thank for the info!

Jussi

Topic		Replies	Views
Missing client parameter - can we improve this error message? Help	4	4603	August 29, 2019
Parameter organization is required for this client issue with django + Azure AD Help login , azure-ad , django	0	3335	September 22, 2021
Universal login broken for third party application? Help	6	3314	January 8, 2020
Oops!, something went wrong Help identifier-first , login-experience	8	3425	March 31, 2023
Previously working, now logins failing Help	3	3447	August 26, 2019

Universal login suddenly failing for Azure AD

Related topics