Social Login with Microsoft

Dear Members,

Issue Description: I am setting up Social Authentication login via Microsoft using the out-of-the-box OIDC functionality of ForgeRock Identity Cloud, and I set up the configuration as directed by the documentation. I can see that FIDC gets the id_token and access_token in the debug window of the journey, but on the FIDC login page it displays the error "Login Failure".
In the frodo logs, it shows the following:

  1. “401 unauthorized”

  2. nodeoutcome=NO_ACCOUNT

  3. The user already exists in FIDC, and the script “Normalized to Managed User” also shows that mail and user name.

We are just stuck here and do not know how to proceed or where to look further, as this OOTB feature is expected to work quite smoothly. It looks like something very small is missing that my eyes cannot find.

Your help in resolving this with your expert advice would be really appreciated!

Thank You,
Tanu

Hi Tanu,

Welcome to the Community!
Thank you for the details, where you see that the id_token and access_token are received, as shown in the debug window.

Please let me know if the following integration article is the documentation you followed to set up Social Authentication with Microsoft.

Thank you,

Sheila

After a lot of troubleshooting we realised that this happens when the scope “User.Read” is not added. And User.Read does not work with certain tenants like outlook.com / Microsoft Live.

Could you please let me know if you have any idea of an alternate way to get the user without the User.Read scope being required?

Have you looked at

What AM likely needs is email, openid and profile, since AM is functioning just as OAuth.

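The reply above rests on the fact that with the scopes openid, email and profile the user attributes arrive in the id_token itself, so no Microsoft Graph call (and therefore no User.Read) is needed to normalize the account. The following is an added example, not code from this thread, from ForgeRock or from Microsoft: it decodes a sample id_token, runs the claim checks that commonly explain a "Login Failure", and normalizes the claims into the managed-user fields used for the account lookup, including the case where the email claim is absent and only preferred_username carries an address. All tokens, claim values, client id and function names are constructed for the demo and are assumptions, not ForgeRock's script bindings.

```javascript
// Added example, not code from the thread, ForgeRock or Microsoft. It models the
// "normalize to managed user" step for a Microsoft OIDC login that requests only
// "openid email profile" (no User.Read, so no Graph /me call): attributes are taken
// from the id_token claims. Sample tokens, claims and names are constructed.

// --- JWT helpers (base64url, no external dependency) ----------------------------
function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
  return Buffer.from(b64, 'base64').toString('utf8');
}

function base64UrlEncode(s) {
  return Buffer.from(s, 'utf8').toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode an id_token into its claims. The signature is deliberately NOT checked here:
// in the real journey the OIDC node verifies it against the provider's JWKS before the
// claims reach the normalization script. Do not reuse this decoder as a verifier.
function decodeIdToken(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('id_token is not a compact JWS (expected 3 parts)');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// --- Claim checks that explain a failed login before any account lookup runs -----
// Returns a list of problems (empty = OK). `expected` holds the client id and the
// issuer prefix configured for the social provider (assumed names).
function checkClaims(claims, expected, nowSeconds) {
  const problems = [];
  if (typeof claims.iss !== 'string' || !claims.iss.startsWith(expected.issuerPrefix)) problems.push('iss mismatch');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) problems.push('aud does not contain client id');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) problems.push('token expired');
  if (!claims.sub) problems.push('sub missing');
  return problems;
}

// --- Normalization ------------------------------------------------------------------
// Map id_token claims onto managed-user fields. `email` is only present when the
// "email" scope was granted; "profile" supplies name / given_name / family_name.
// preferred_username is used as a fallback address when it looks like one; otherwise
// mail stays null and the lookup is reported as NO_ACCOUNT instead of guessing.
function normalizeToManagedUser(claims) {
  const looksLikeEmail = v => typeof v === 'string' && /^[^@\s]+@[^@\s]+$/.test(v);
  const mail = looksLikeEmail(claims.email) ? claims.email.toLowerCase()
             : looksLikeEmail(claims.preferred_username) ? claims.preferred_username.toLowerCase()
             : null;
  let givenName = claims.given_name || null;
  let sn = claims.family_name || null;
  if ((!givenName || !sn) && typeof claims.name === 'string') {
    const [first, ...rest] = claims.name.trim().split(/\s+/);
    givenName = givenName || first || null;
    sn = sn || (rest.length ? rest.join(' ') : null);
  }
  return {
    userName: mail,        // mail is the lookup key; null means the lookup cannot succeed
    mail,
    givenName,
    sn,
    subject: claims.sub,   // stable, non-reassignable identifier of the user for this app
  };
}

// Outcome the journey node would produce: ACCOUNT_EXISTS or NO_ACCOUNT.
function lookupOutcome(managedUser, existingMails) {
  if (!managedUser.mail) return 'NO_ACCOUNT';
  return existingMails.includes(managedUser.mail) ? 'ACCOUNT_EXISTS' : 'NO_ACCOUNT';
}

// --- Constructed sample data --------------------------------------------------------
const EXPECTED = { clientId: 'my-fidc-client-id', issuerPrefix: 'https://login.microsoftonline.com/' };
const NOW = 1700000000; // fixed "current time" so the demo is deterministic

function makeToken(claims) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid: 'demo' }));
  return `${header}.${base64UrlEncode(JSON.stringify(claims))}.c2lnbmF0dXJl`; // dummy signature
}

// Work/school account: email claim present (openid email profile granted).
const WORK_TOKEN = makeToken({
  iss: 'https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0',
  aud: 'my-fidc-client-id', sub: 'constructed-sub-work-0001', exp: NOW + 3600,
  email: 'Alice@Contoso.com', name: 'Alice Example', preferred_username: 'alice@contoso.com',
});

// Personal account without an email claim: only preferred_username carries the address.
const PERSONAL_TOKEN = makeToken({
  iss: 'https://login.microsoftonline.com/22222222-3333-4444-5555-666666666666/v2.0',
  aud: 'my-fidc-client-id', sub: 'constructed-sub-personal-0002', exp: NOW + 3600,
  name: 'Bob Example', preferred_username: 'bob@outlook.com',
});

function demo(idToken, existingMails) {
  const claims = decodeIdToken(idToken);
  const problems = checkClaims(claims, EXPECTED, NOW);
  if (problems.length) return { outcome: 'INVALID_TOKEN', problems };
  const user = normalizeToManagedUser(claims);
  return { outcome: lookupOutcome(user, existingMails), user };
}

console.log(demo(WORK_TOKEN, ['alice@contoso.com']));
console.log(demo(PERSONAL_TOKEN, ['alice@contoso.com']));
```

Run with `node` and compare the two results: the work account resolves to ACCOUNT_EXISTS from the email claim alone, the personal account normalizes from preferred_username and ends in NO_ACCOUNT because no managed user carries that address. When a journey reports NO_ACCOUNT even though the user exists, comparing the normalized mail (case and fallback source) against the stored one is the first thing to check.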

Just to let you know, this has been fixed in ForgeRock Identity Cloud: when you want to use the Custom Social Provider handler for Microsoft instead of the Standard template.
