
Universal login suddenly failing for Azure AD

lock
login
azure-ad

#1

Hi,

I have been using the Auth0 legacy plan to allow single sign-on from our company email addresses. Our old version is running self-hosted Lock 10 and the new version is running Auth0 hosted Lock 11 (universal login with customizations). I’m upgrading to Universal login due to the deprecations planned for July. There are four people who have been logging in this way but starting today (2018-05-31), we cannot log in to our application anymore. Both the self-hosted Lock 10 and Universal login Lock 11 versions are affected.

From the Auth0 logs I see this error:

    Occurred  an hour ago at 2018-05-31 11:20:51.917 UTC
    Type  Failed Login
    Description Manual OpenID configuration is missing required parameter(s) - issuer
    Connection  mycompany-waad
    Application 
    User  
    Raw
    Context Data
    {
      "date": "2018-05-31T11:20:51.917Z",
      "type": "f",
      "description": "Manual OpenID configuration is missing required parameter(s) - issuer",
      "connection": "mycompany-waad",
      "connection_id": "",
      "ip": "62.71.214.240",
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36",
      "details": {
        "body": {},
        "qs": {
          "client_id": "MfZCfvsgwmfIbepl3I2BHB1GhkCak1cu",
          "response_type": "code",
          "redirect_uri": "https://demo.myproduct.com/signin-auth0",
          "state": "yaxUIXieOZAITBcIyo3Ykdul8DoRjSji",
          "connection": "mycompany-waad",
          "login_hint": "jussi.mattila@mycompany.com",
          "sso": "false",
          "_intstate": "deprecated",
          "_csrf": "BIPFNOuX-f8vE4x5f_0y2F-Itbv35c6yooj8",
          "audience": "https://myproduct-dev-eu.eu.auth0.com/userinfo",
          "scope": "openid email profile",
          "protocol": "oauth2",
          "language": "en",
          "login_message": "null",
          "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS42LjAiLCJsaWJfdmVyc2lvbiI6IjkuNS4wIn0="
        },
        "connection": "mycompany-waad",
        "error": {
          "message": "Manual OpenID configuration is missing required parameter(s) - issuer",
          "oauthError": "access_denied",
          "type": "oauth-authorization"
        }
      },
      "hostname": "myproduct-dev-eu.eu.auth0.com",
      "log_id": "90020180531112051918654852950845704913440016737390034994"
    }

Can you explain what it is that I’m doing wrong? Since updating to Lock 11, I’ve not seen deprecation warnings in the logs. I have not modified the application or Auth0 configuration, but things are still broken as of today. What is going on and how can I get login working again?

Regards,

  • Jussi

#2

Sorry about the formatting. The error is:

"description": "Manual OpenID configuration is missing required parameter(s) - issuer"

And the whole error log looks like this:

    Occurred  an hour ago at 2018-05-31 11:20:51.917 UTC
    Type  Failed Login
    Description Manual OpenID configuration is missing required parameter(s) - issuer
    Connection  mycompany-waad
    Application 
    User  
    Raw
    Context Data
    {
      "date": "2018-05-31T11:20:51.917Z",
      "type": "f",
      "description": "Manual OpenID configuration is missing required parameter(s) - issuer",
      "connection": "mycompany-waad",
      "connection_id": "",
      "ip": "62.71.214.240",
      "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36",
      "details": {
        "body": {},
        "qs": {
          "client_id": "MfZCfvsgwmfIbepl3I2BHB1GhkCak1cu",
          "response_type": "code",
          "redirect_uri": "https://demo.myproduct.com/signin-auth0",
          "state": "yaxUIXieOZAITBcIyo3Ykdul8DoRjSji",
          "connection": "mycompany-waad",
          "login_hint": "jussi.mattila@mycompany.com",
          "sso": "false",
          "_intstate": "deprecated",
          "_csrf": "BIPFNOuX-f8vE4x5f_0y2F-Itbv35c6yooj8",
          "audience": "https://myproduct-dev-eu.eu.auth0.com/userinfo",
          "scope": "openid email profile",
          "protocol": "oauth2",
          "language": "en",
          "login_message": "null",
          "auth0Client": "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS42LjAiLCJsaWJfdmVyc2lvbiI6IjkuNS4wIn0="
        },
        "connection": "mycompany-waad",
        "error": {
          "message": "Manual OpenID configuration is missing required parameter(s) - issuer",
          "oauthError": "access_denied",
          "type": "oauth-authorization"
        }
      },
      "hostname": "myproduct-dev-eu.eu.auth0.com",
      "log_id": "90020180531112051918654852950845704913440016737390034994"
    }

#3

Hmm, okay, good. Things are back to normal and everything is working again!

But can someone explain what happened and is there something I should do to prevent this from happening again?

Best regards,

  • Jussi

#4

Sorry for the delay here. So through a housekeeping review of our integrations, we updated some of them, which introduced an issue when verifying id_tokens in the openidc integration with Azure ID. This only affected preview environments, and the change was reverted.


#5

Ok, good to know, thanks for the info!

  • Jussi
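
For readers triaging a similar outage, here is an added example (not part of the thread and not Auth0 code) that groups failed-login events shaped like the log above, to tell a connection-wide failure from a single user's problem. It assumes the events are available as JSON in that shape; the function names, sample users, the `example-db` connection and the Lock 10 version string are constructed for illustration.

```python
import base64
import json
from collections import defaultdict

ISSUER_ERR = "Manual OpenID configuration is missing required parameter(s) - issuer"
LOCK11 = "eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS42LjAiLCJsaWJfdmVyc2lvbiI6IjkuNS4wIn0="  # from the log above
LOCK10 = base64.b64encode(b'{"name":"lock.js","version":"10.0.0"}').decode()  # constructed value

def decode_auth0_client(value):
    """Decode the base64 JSON in details.qs.auth0Client (SDK name and version)."""
    return json.loads(base64.b64decode(value + "=" * (-len(value) % 4)))

def triage_failed_logins(events, min_users=2):
    """Group failed logins by (connection, error message).
    A group is "connection-wide" when min_users or more distinct login_hint values hit
    the same error, pointing at connection/provider configuration, not one user."""
    groups = defaultdict(lambda: {"users": set(), "sdks": set(), "count": 0})
    for ev in events:
        if ev.get("type") != "f":  # "f" is the Failed Login type seen in the log
            continue
        details = ev.get("details", {})
        qs = details.get("qs", {})
        group = groups[(ev.get("connection", ""), details.get("error", {}).get("message", ""))]
        group["count"] += 1
        if qs.get("login_hint"):
            group["users"].add(qs["login_hint"])
        if qs.get("auth0Client"):
            sdk = decode_auth0_client(qs["auth0Client"])
            group["sdks"].add(f'{sdk["name"]} {sdk["version"]}')
    return {key: {"failures": g["count"], "users": len(g["users"]), "sdks": sorted(g["sdks"]),
                  "scope": "connection-wide" if len(g["users"]) >= min_users else "single-user"}
            for key, g in groups.items()}

def make_event(kind, connection, message, user, client=None):
    # Constructed event holding only the fields the triage reads.
    qs = {"login_hint": user, **({"auth0Client": client} if client else {})}
    return {"type": kind, "connection": connection, "details": {"qs": qs, "error": {"message": message}}}

# Constructed sample events: users, the second connection and its error are made up.
SAMPLE_EVENTS = [
    make_event("f", "mycompany-waad", ISSUER_ERR, "user-a@example.com", LOCK11),
    make_event("f", "mycompany-waad", ISSUER_ERR, "user-b@example.com", LOCK10),
    make_event("f", "mycompany-waad", ISSUER_ERR, "user-a@example.com", LOCK11),
    make_event("f", "example-db", "Wrong email or password.", "user-c@example.com"),
    make_event("s", "mycompany-waad", "", "user-d@example.com", LOCK11),
]

if __name__ == "__main__":
    print(triage_failed_logins(SAMPLE_EVENTS))
```

The same error hitting several users across more than one Lock version, as in the sample, is the pattern that indicates a connection or provider-side configuration problem rather than a client upgrade issue.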