Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-4966

Azure Directory throws The user or administrator has not consented to use the application with ID

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a bug
    • Icon: Low Low
    • None
    • 3.0.0
    • Documentation
    • None

      Summary

      When connecting to Microsoft Azure directory, Crowd receives the error

      2017-08-22 07:34:44,696 http-bio-8095-exec-6 INFO [microsoft.aad.adal4j.AuthenticationAuthority] [Correlation ID: 123456789-abcd-abcd-abcd-123456780ab] Instance discovery was successful
2017-08-22 07:34:45,595 http-bio-8095-exec-6 INFO [microsoft.aad.adal4j.UserDiscoveryRequest] [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
2017-08-22 07:34:45,645 http-bio-8095-exec-6 INFO [microsoft.aad.adal4j.AuthenticationAuthority] [Correlation ID: 123456789-abcd-abcd-abcd-123456780ab] Instance discovery was successful
2017-08-22 07:34:46,095 http-bio-8095-exec-6 ERROR [microsoft.aad.adal4j.AuthenticationContext] [Correlation ID: 123456789-abcd-abcd-abcd-123456780ab] Request to acquire token failed.
com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '12345678-1234-abcd-efab-123456789abc'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 12345678-abcd-efab-1234-1234567890abc\r\nCorrelation ID: 12345678-abcd-1234-abcd-1234567890ab\r\nTimestamp: 2017-08-22 07:34:45Z","error":"invalid_grant"}

      Environment

      • Microsoft Azure Connector

      Steps to Reproduce

      1. Following the steps in

      Expected Results

      Crowd connects to Azure correctly

      Actual Results

      The below exception is thrown in the atlassian-crowd.log file:

      2017-08-22 07:34:46,095 http-bio-8095-exec-6 ERROR [microsoft.aad.adal4j.AuthenticationContext] [Correlation ID: 12345678-abcd-defa-abcd-123456780ab] Request to acquire token failed.
com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID '12345678-1234-abcd-efab-123456789abc'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 12345678-abcd-efab-1234-1234567890abc\r\nCorrelation ID: 12345678-abcd-1234-abcd-1234567890ab\r\nTimestamp: 2017-08-22 07:34:45Z","error":"invalid_grant"}

      Workaround

      After creating the key in Azure as documented in

      • Configuring Azure Active Directory

        Create a key for the web application. Crowd will use this key to authenticate to Azure AD.

        1. Click your web application.
        2. In the API ACCESS section, click Keys.
        3. Choose a name and an expiry date for your key, then save it. Keep in mind that when the key expires and you don't replace it, Crowd will not be able to communicate with Azure AD.
        4. Copy and store the key value. You will not be able to view it after navigating away from the key settings.

        Following Step 1 - part 6 in this document

      • Cleito ODCC Installation Guide
        These permissions must now be validated by an Office 365 / Azure Active Directory administrator. Ask your Office 365 administrator to open a browser to the following address:
        https://login.microsoftonline.com/<DIRECTORY_ID>/adminconsent?client_id=<APPLICATION_ID>&state=12345&redirect_uri=<SIGN_ON_URL>

        1. Screen Shot 2018-07-24 at 09.25.48.png
          Screen Shot 2018-07-24 at 09.25.48.png
          44 kB

            [CWD-4966] Azure Directory throws The user or administrator has not consented to use the application with ID

              Unassigned Unassigned
              jrichards@atlassian.com James Richards
              Affected customers:
              1 This affects my team
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: