Microsoft supports Openid as an auth provider for web apps. https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-openid-connect
This works fine with auth0 but with onelogin, after signing in I receive an error via the browser "The page cannot be displayed because an internal server error has occurred."
Here is my config
{
"platform": {
"enabled": true
},
"globalValidation": {
"requireAuthentication": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"redirectToProvider": "onelogin",
"excludedPaths": []
},
"identityProviders": {
"openIdConnectProviders": {
"onelogin": {
"enabled": true,
"registration": {
"clientId": "2a55cc10-ec26-0139-d4f3-063fe3b18f59195700",
"clientCredential": {
"secretSettingName": "onelogin"
},
"openIdConnectConfiguration": {
"wellKnownOpenIdConfiguration": "https://snapcomms-dev.onelogin.com/oidc/2/.well-known/openid-configuration"
}
},
"login": {
"nameClaimType": "name",
"scope": ["openid", "profile", "email"]
}
}
},
"login": {
"tokenStore": {
"enabled": true
},
"preserveUrlFragmentsForLogins": true
},
"httpSettings": {
"requireHttps": true
}
}
}and the error from the logstream
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>IIS Detailed Error - 500.74 - Internal Server Error</title><style type="text/css"><!--body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;}code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;}.config_source code{font-size:.8em;color:#000000;}pre{margin:0;font-size:1.4em;word-wrap:break-word;}ul,ol{margin:10px 0 10px 5px;}ul.first,ol.first{margin-top:5px;}fieldset{padding:0 15px 10px 15px;word-break:break-all;}.summary-container fieldset{padding-bottom:5px;margin-top:4px;}legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;}legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px;font-weight:bold;font-size:1em;}a:link,a:visited{color:#007EFF;font-weight:bold;}a:hover{text-decoration:none;}h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;}h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;}h4{font-size:1.2em;margin:10px 0 5px 0;}#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif;color:#FFF;background-color:#5C87B2;}#content{margin:0 0 0 2%;position:relative;}.summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}.content-container p{margin:0 0 10px 0;}#details-left{width:35%;float:left;margin-right:2%;}#details-right{width:63%;float:left;overflow:hidden;}#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF;background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal;font-size:1em;color:#FFF;text-align:right;}#server_version p{margin:5px 0;}table{margin:4px 0 4px 0;width:100%;border:none;}td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:normal;border:none;}th{width:30%;text-align:right;padding-right:2%;font-weight:bold;}thead th{background-color:#ebebeb;width:25%;}#details-right th{width:20%;}table tr.alt td,table tr.alt th{}.highlight-code{color:#CC0000;font-weight:bold;font-style:italic;}.clear{clear:both;}.preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;}--></style>
</head><body><div id="content"><div class="content-container"><h3>HTTP Error 500.74 - Internal Server Error</h3><h4>The page cannot be displayed because an internal server error has occurred.</h4></div><div class="content-container"><fieldset><h4>Most likely causes:</h4><ul> <li>IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.</li> <li>IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.</li> <li>IIS was not able to process configuration for the Web site or application.</li> <li>The authenticated user does not have permission to use this DLL.</li> <li>The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.</li> </ul></fieldset></div><div class="content-container"><fieldset><h4>Things you can try:</h4><ul> <li>Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web server's machine account.</li> <li>Check the event logs to see if any additional information was logged.</li> <li>Verify the permissions for the DLL.</li> <li>Install the .NET Extensibility feature if the request is mapped to a managed handler.</li> <li>Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul></fieldset></div>
<div class="content-container"><fieldset><h4>Detailed Error Information:</h4><div id="details-left"><table border="0" cellpadding="0" cellspacing="0"><tr class="alt"><th>Module</th><td> EasyAuthModule_32bit</td></tr><tr><th>Notification</th><td> BeginRequest</td></tr>
<tr class="alt"><th>Handler</th><td> ExtensionlessUrlHandler-Integrated-4.0</td></tr><tr><th>Error Code</th><td> 0x80004005</td></tr>
</table></div><div id="details-right"><table border="0" cellpadding="0" cellspacing="0"><tr class="alt"><th>Requested URL</th><td> https://snapinf-admntlluke-test-use-as2:80/.auth/login/onelogin/callback?code=4ZZnAKFixx4BFYqh0CLBWkOsgZj&state=%2F</td></tr><tr><th>Physical Path</th><td> C:\home\site\wwwroot\.auth\login\onelogin\callback</td></tr><tr class="alt"><th>Logon Method</th><td> Not yet determined</td></tr><tr><th>Logon User</th><td> Not yet determined</td></tr>
</table><div class="clear"></div></div></fieldset></div>
<div class="content-container"><fieldset><h4>More Information:</h4>This error means that there was a problem while processing the request. The request was received by the Web server, but during processing a fatal error occurred, causing the 500 error.<p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=500,74,0x80004005,14393">View more information »</a></p><p>Microsoft Knowledge Base Articles:</p>
</fieldset></div></div></body></html>This is the output of the chrome dev tools network tab https://drive.google.com/file/d/1HCWsQH0Npasr4hxvxX-ooeg6QJQbCVzm/view?usp=sharing
Is there some onelogin settings I need to set to get this working?
Looking at your browser trace I see you’re using the Authorization Code Grant and successfully obtaining the auth code, so I would guess that you may be running into an issue in the second part of the grant where your server attempts to exchange the auth code for the tokens. First thing to check on the OneLogin app config is the token endpoint authentication method found on the SSO tab of the app connector. The way that your app/server is performing that code exchange will impact what setting should be used for the token endpoint auth method. More info can be found here: https://developers.onelogin.com/openid-connect/api/authorization-code-grant