Error 400 Bad Request when integrating with AzureAD

Answered

Hi,

While trying to integrate a test instance on a local machine with AzureAD, I'm getting error 400 Bad Request. I've also noted, using SAML-tracer, that no SAML documents are transferred, as happens for example with Artifactory authentication using the same Azure.
We've already tested the configuration for both a regular Enterprise application and with Proxy, without any luck.

How can this issue be troubleshot further?

Info about platform:
OS: Windows Server 2019

TC version: 2020.1.3

Azure Plugin version: 0.7.0 (previously tested on older with same result)

What confuses us is that there is no possibility to provide a certificate for the SAML configuration - how exactly does this plugin integrate with AzureAD?


Hello!

Am I correct to assume that this one (https://github.com/JetBrains/teamcity-azure-active-directory) is the plugin in question?
The linked plugin uses OAuth 2.0 instead of SAML; could you please let me know if the web application on the Azure side is configured to use OAuth?

Permanently deleted user

You are correct in your assumption about the plugin. Also, truth be told, we missed the detail about OAuth 2.0. And unfortunately the Azure application is set to use SAML... As I personally cannot reconfigure it, for any reconfiguration on the Azure side I will need to wait until tomorrow morning, when the Azure admin will be able to assist me. In the meantime, are there any details that we should keep in mind for this configuration, or troubleshooting methods, beforehand? Or should this already work once we use OAuth2 instead of SAML?

Best regards


Hello!

From what I could see, the only known issues are related to CORS (and are listed here: https://github.com/JetBrains/teamcity-azure-active-directory#known-issues). Otherwise, if you spot an issue with authentication, please set the debug-auth logging preset on the Administration | Diagnostics | Troubleshooting tab, try to log in again and check the resulting teamcity-auth.log in the <TC Server>/logs folder. Alternatively, please upload the log to https://uploads.jetbrains.com and share the upload ID here, so I will try to assist.
