[Microsoft Login Connector] Azure AD Integration with Guest Users - Limitation on screen input parameters

Forge Component
(10)
Published on 26 Oct by Paul Davies
10 votes
Published on 26 Oct by Paul Davies

Hi everyone.

Our client is trying to integrate with Azure AD and we were able to use the Microsoft Login Connector with a few tweaks to do that for Azure accounts. We also need to do this for Guest Users and here we're getting issues.

The main one seems to be any limitation on the length of an input parameter on a callback screen since we're getting a 404 and in debug time we can't even enter the screen Preparation. If we reduce the number of characters on that input field, I'm able to debug it - but this is really just a guess.

Example:  


Screen:

image.png




Azure User - OK:

HTTP/1.1 302 Found  Cache-Control: privateContent-Type: text/html; charset=utf-8Location: https:/myserver.com/MyModule/Home.aspxServer: Microsoft-IIS/10.0Set-Cookie: ASP.NET_SessionId=--------------; path=/; HttpOnlySet-Cookie: osVisitor=a9b19406-4038-4222-ab00-349f50b40e02; path=/; HttpOnlySet-Cookie: osVisit=c486486d-da81-4cba-9652-6f046a2e7d04; expires=Tue, 02-Apr-2019 16:30:24 GMT; path=/; HttpOnlySet-Cookie: Users.sid=---------------; path=/; HttpOnlySet-Cookie: Users=----------------; expires=Fri, 12-Apr-2019 16:00:28 GMT; path=/; HttpOnlyDate: Tue, 02 Apr 2019 16:00:27 GMTContent-Length: 178

GET https://myserver.com/MicrosoftLoginConnector/Callback.aspx?code=AQABAAIAAACEfexXxjamQb3OeGQ4GugvHi6q1G_ERpfJKDd1AZqMY7tdUdqGAX_vqudaw6nuoCCq6TZhPdw92XHj2Iov82bJ1iroPsDhBpUjU8eU8iIXyAlzSrfYgiSqcrYU4_ZUPWraojq3gbuvL1sWbf5e0J_JUguKucnhkMIE4tRZzxRjcKhTxdNOJCfU1eKBZno5hbEjYyJPm3E0Xop5QCjmDs-7CRW6W8unEC4CpFB7RDqFuNny-nph3Ck-BjS8Sj4-4C652qRgKZyjB1nydU7gMxreMeVPDd9QY3uhD85D8MDx8G3HEaTTXg9-QgBIVhohAy3oAZmm6lzlcQJpwsXSs3UAKYolol9GM7F2q7auV2dIMjYgMB4P8QAYGtdzQlUQeyujp1406-c6RzE6KpCckrHV4yJCLIx9EeCbbxhQBxZ-wdf4aTlRs8S1rdHP72tHrH0cFbzJYQlJCrE_yOpsK3VLRZetrn8QfxXB_azYp5SqEml6Q0x3AC3xbMo37f6XMOudnuCJbmMrO5BMhkKa5RrENaTnTmmES9D96W6f37_JgpBdESXiqmMvYwUhW7tX7q6JZ4qQlMIJK5K6SYFRZ71ziyL88XPzLvEJ91-ISxXJXle6K1FAn1cV9wlXLG0ny0bmop_b0JIWlJOrGXlTRMQ_pvi2fQewVt896MLOwS60XQ_RDzmOG2A0lzgB_8hZzmyleMIy5bO-xFg783qDBpQIIAA&state=eb1049e5-61d9-46ef-bb0a-49b8aab06081&session_state=b24d9081-d088-4689-92ef-df5c0b4b7ed3 HTTP/1.1



Guest User -NOK:

HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0Date: Tue, 02 Apr 2019 15:56:35 GMTConnection: closeContent-Length: 1245

GET https://myserver.com/MicrosoftLoginConnector/Callback.aspx?code=AQABAAIAAACEfexXxjamQb3OeGQ4GugvQ6rpDtujVny2fhElrYu0rGytwieFrktI43VjF6TO9iNbnLGb0CIZDZVLe2Gw-y_uVac4zq7Y-dCnXV2m6BI6C5yC67LyodfbzSdkZpUjlwJr2K4W3AGOC1-Xmf6EgZxUvSlOHs9jLAnKjdU40ZiqIzQP5f9cMnziisDcmV3fRUuHWgkcBY1l1tCM4WFLimX9wvMP13mAJKBn8IM2szvbSKSLaflFYZYiL--kNV0Ec6lEcgHUU087A92z1cHQ3147VAhDNAd_T1l-A0VjlCUSqszJ2CgUaPQbJR5Wtrr2LimUjGGGqvGP7SXNDshIBTmd_mNqp85HLGBKULwr1Iqzx8Ec5n8nhAOntiW1kr3yPiwkarkZCnvZ45wP874t8t5tNMqwcm4zZ7qW-d_Iw0COb8Jr05vOxPiV5mQNzYwx-wBV_2qp7tcXkPgcve5fYkU_Ej0IHkGG3ebJQ8g_HLFGl9BL3RvZVo3oN486GCpy8Yx0692x5UzeVBq9-QpBJ_quqWYf6bntxuKr-aiSAssLG74m0xD1YAAtOSp8S826-_v4GEuhKeosl16MDoGvoayIQoKp20RWFnsuOTqFejS9r1LHFuerQwwE8Zi1Un6DC1Z6nHegSjVRjUiSEJASimqV1riMcXHQidmPhlmDnVY4IXlZjrsnCXY9-_66-bPslHrkK4DZHpOtbcFqFSkZBpDATVHA_O8x8IqvcTpjgGQP9pkGeHUAStZ84F7F6Ywr8diuRhGGlPQiGmx2koNqt3zxzKtUNNmf_j5eAgTM5EYT9zcGTiqdY3gVmDjEIC_5oIrXU8YLUimYqxKviXAG8z4MV-D-6cNLH7fKPOA9-BOcTJrGMXtA_nnnIg_jD63L-7GvuMtVbGzU4JZlBgGCoiabOrMoH_7qQ8lwwrB4OP-CXL4SHlfHeERSRld_xGwdOdlAc7tO-j-K144Db5547QxHlhktF5Ca4vmjNXuYD-a6PICJdOsx5lTQhB9fsIqPrAGuY7e6keyE_ZcKuQVLPoNbKbOS9Tqm5jMSo0I9n09eHbqNChImNqNYzIoibo9eTm1EuT8YQLJPLvYnChJ60JALsUMhOT7g9G0b3HJtR-J0CukBksSkbqVDVzuhNW0Inn_L35IHTWqZuvRUBZDIetGfIAA&state=fb0cc38f-fed1-42b9-b64c-b13cce6d3def&session_state=6fced80d-c797-4cc0-8943-33ff8159ce56 HTTP/1.1


Anyone can help us with this?

Best Regards and thank you for your time.

GM

Hi,

Do you use the latest version of the component?

The last version includes a big fix, maybe your problem is related?

Regards,

Daniel

Daniël Kuhlmann wrote:

Hi,

Do you use the latest version of the component?

The last version includes a big fix, maybe your problem is related?

Regards,

Daniel

Hi Daniel.

I'm using the latest version and as far as I was able to see the fix on the last version was only something related to the size of the DB attribute, not something like this.

Were you able to use guest accounts with this connector?

Best Regards,

GM


Solution

Hi everyone.

As I suspected and, after confirming with our support team, the issue was exactly with some configs and since we're using Cloud we couldn't change it easily.

The config is the maximum allowed content length on the web config where the defaults were:


After changing this we were able to overcome the issue:

Hope this helps someone with the same issue in the future (I'll put together more information in the near future to help on this for cloud users since for on-prem is easy).

Best Regards,

GM



Solution

Nice work thanks for identifying a solution

Gonçalo Martins wrote:

Hi everyone.

As I suspected and, after confirming with our support team, the issue was exactly with some configs and since we're using Cloud we couldn't change it easily.

The config is the maximum allowed content length on the web config where the defaults were:


After changing this we were able to overcome the issue:

Hope this helps someone with the same issue in the future (I'll put together more information in the near future to help on this for cloud users since for on-prem is easy).

Best Regards,

GM



Hi,

Is there any information available for cloud users regarding this issue?

Regards,

Aleksandar

Hello.

Trying to help some people who asked for my help on this, to change in OutSystems cloud-hosted environments follow these steps:


  1. Install the tool Factory Configuration.
  2. In the Shared Configurations tab create a new Shared Configuration with the following details:

    Name MaxUrl

    Kind: web.config_XSL

    Value:

    <?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    
        <xsl:output method="xml" indent="yes" encoding="UTF-8"/> 
    
        <xsl:template match="@*|node()">
            <xsl:copy>
                <xsl:apply-templates select="@*|node()"/>
            </xsl:copy>
        </xsl:template>
     
        <xsl:template match="/configuration/system.webServer/security/requestFiltering">
            <xsl:copy>
                <xsl:apply-templates select="@*|node()"/>
                                  <requestLimits maxAllowedContentLength="30000000" maxURL="20480" maxQueryString="10240"/>
            </xsl:copy>
        </xsl:template>
    
    </xsl:stylesheet>
    
  3. In the eSpaces tab select the eSpaces that will have the new timeout duration and associate the shared configuration with them.


  4. Republish the eSpaces to generate the updated web.config files with the new maxQuerystring and new max URL value.


Hope it helps.

Best Regards.