Hi Jonathan
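It looks like the user name is not mapped properly when the user returns from Azure AD. By default the OpenID Connect library reads the user name from a claim with the long type URI ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), while your Azure AD setup returns it in a claim with the short type ("name"). Your claims list contains no claim of the long type, so the identity's name is likely coming back empty, which would match the ArgumentNullException for userName.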
Try adding the following piece of code to your OpenIdConnectAuthenticationOptions instance:
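// Tell token validation which incoming claim types back Identity.Name and role checks,
// since Azure AD v2.0 sends the short "name" claim rather than the long ClaimTypes.Name URI.
// NOTE(review): "name" is a display name and "preferred_username" is mutable; neither is
// guaranteed to be unique or stable. Confirm the CMS does not treat the resulting user name
// as an immutable key for access decisions (the object identifier / nameidentifier claims
// are the stable identifiers in the token).
TokenValidationParameters = new TokenValidationParameters
{
    // The separating comma must sit before the comment, otherwise it is commented out
    // and the initializer does not compile.
    NameClaimType = "name", // or "preferred_username"
    RoleClaimType = ClaimTypes.Role
}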
Hello,
We are switching our CMS project from MultiplexingMembershipProvider (Windows and SQL) to OpenId Connect (Azure AD) using documentation provided at: https://world.episerver.com/documentation/developer-guides/CMS/security/integrate-azure-ad-using-openid-connect/
Authentication is working but when I attempt to access editor (or admin) interface, I get an ArgumentNullException.
Value cannot be null.
Parameter name: userName
I have pasted the relevant area of web.config, a list of the claims I'm getting, my packages, and the details of the exception below. Any assistance would be greatly appreciated.
<!-- Built-in ASP.NET authentication is switched off; per the post, sign-in is handled by the OpenID Connect (Azure AD) integration instead. -->
<authentication mode="None" />
<!-- The membership provider list is cleared and nothing is added back. -->
<membership>
  <providers>
    <clear />
  </providers>
</membership>
<!-- The role manager is disabled and its provider list is cleared as well. -->
<roleManager enabled="false">
  <providers>
    <clear />
  </providers>
</roleManager>
<!--
  Profile properties are still served by DefaultProfileProvider using the EPiServerDB connection string.
  NOTE(review): ASP.NET profile data is looked up by the current user name, so this section depends on the
  signed-in identity exposing a non-null name. Confirm against the stack trace of the userName exception.
-->
<profile defaultProvider="DefaultProfileProvider">
  <properties>
    <add name="Address" type="System.String" />
    <add name="ZipCode" type="System.String" />
    <add name="Locality" type="System.String" />
    <add name="Email" type="System.String" />
    <add name="FirstName" type="System.String" />
    <add name="LastName" type="System.String" />
    <add name="Language" type="System.String" />
    <add name="Country" type="System.String" />
    <add name="Company" type="System.String" />
    <add name="Title" type="System.String" />
    <add name="CustomExplorerTreePanel" type="System.String" />
    <add name="FileManagerFavourites" type="System.Collections.Generic.List`1[System.String]" />
    <add name="EditTreeSettings" type="EPiServer.Personalization.GuiSettings, EPiServer.Cms.AspNet" />
    <add name="ClientToolsActivationKey" type="System.String" />
    <add name="FrameworkName" type="System.String" />
  </properties>
  <providers>
    <add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="EPiServerDB" applicationName="/" />
  </providers>
</profile>
[0]: {aud: ***}
[1]: {iss: https://login.microsoftonline.com/***/v2.0}
[2]: {iat: ***}
[3]: {nbf: ***}
[4]: {exp: ***}
[5]: {aio: ***}
[6]: {c_hash: ***}
[7]: {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: ***}
[8]: {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: ***}
[9]: {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: ***}
[10]: {name: ***}
[11]: {nonce: ***}
[12]: {http://schemas.microsoft.com/identity/claims/objectidentifier: ***}
[13]: {preferred_username: ***}
[14]: {rh: *** }
[15]: {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: WebEditors}
[16]: {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: WebAdmins}
[17]: {http://schemas.microsoft.com/ws/2008/06/identity/claims/role: Administrators}
[18]: {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier: ***}
[19]: {http://schemas.microsoft.com/identity/claims/tenantid: ***}
[20]: {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn: ***}
[21]: {uti: ***}
[22]: {ver: 2.0}
<?xml version="1.0" encoding="utf-8"?>
<!--
  NuGet package manifest for the CMS project.
  NOTE(review): the authentication stack listed here mixes release lines.
  Microsoft.Owin, Microsoft.Owin.Host.SystemWeb, Microsoft.Owin.Security, Microsoft.Owin.Security.Cookies
  and Microsoft.Owin.Security.OpenIdConnect are at 4.1.1, while Microsoft.Owin.Security.OAuth is 2.1.0 and
  Microsoft.Owin.Security.WsFederation is 3.0.1; Microsoft.IdentityModel.Protocol.Extensions
  1.0.4.403061554 sits next to the Microsoft.IdentityModel.* 5.3.0 packages.
  Confirm which of the older packages are still needed after the move to OpenID Connect, that assembly
  binding redirects resolve each assembly to a single version, and that the pinned versions are checked
  against current security advisories.
-->
<packages>
  <package id="Antlr" version="3.5.0.2" targetFramework="net452" />
  <package id="BuildBundlerMinifier" version="2.4.337" targetFramework="net461" />
  <package id="Castle.Core" version="4.2.1" targetFramework="net461" />
  <package id="Castle.Windsor" version="4.1.0" targetFramework="net461" />
  <package id="Chart.js" version="2.5.0" targetFramework="net461" />
  <package id="CsvHelper" version="7.1.0" targetFramework="net462" />
  <package id="EntityFramework" version="6.1.3" targetFramework="net452" />
  <package id="EPiServer.AddOns.Helpers" version="0.4.0.0" targetFramework="net462" />
  <package id="EPiServer.Azure" version="10.0.1" targetFramework="net462" />
  <package id="EPiServer.ChangeApproval" version="1.3.0" targetFramework="net462" />
  <package id="EPiServer.CMS" version="11.20.1" targetFramework="net462" />
  <package id="EPiServer.Cms.AddOns.Blocks" version="2.4.1" targetFramework="net461" />
  <package id="EPiServer.CMS.AspNet" version="11.20.1" targetFramework="net462" />
  <package id="EPiServer.CMS.Core" version="11.20.1" targetFramework="net462" />
  <package id="EPiServer.CMS.TinyMce" version="2.13.0" targetFramework="net462" />
  <package id="EPiServer.CMS.UI" version="11.30.1" targetFramework="net462" />
  <package id="EPiServer.CMS.UI.Core" version="11.30.1" targetFramework="net462" />
  <package id="EPiServer.ContentDeliveryApi.Cms" version="2.17.0" targetFramework="net462" />
  <package id="EPiServer.ContentDeliveryApi.Core" version="2.17.0" targetFramework="net462" />
  <package id="EPiServer.Forms" version="4.29.3" targetFramework="net462" />
  <package id="EPiServer.Forms.Core" version="4.29.3" targetFramework="net462" />
  <package id="EPiServer.Forms.Samples" version="3.6.0" targetFramework="net462" />
  <package id="EPiServer.Forms.ServiceApi" version="3.5.0" targetFramework="net462" />
  <package id="EPiServer.Forms.UI" version="4.29.3" targetFramework="net462" />
  <package id="EPiServer.Framework" version="11.20.1" targetFramework="net462" />
  <package id="EPiServer.Framework.AspNet" version="11.20.1" targetFramework="net462" />
  <package id="EPiServer.GoogleAnalytics" version="2.3.2" targetFramework="net462" />
  <package id="Episerver.GoogleMapsEditor" version="1.0.13.0" targetFramework="net462" />
  <package id="EPiServer.Insight.Cms" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Insight.UI" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Logging.Log4Net" version="2.2.2" targetFramework="net461" />
  <package id="EPiServer.Packaging" version="3.4.0" targetFramework="net461" />
  <package id="EPiServer.Packaging.UI" version="3.4.0" targetFramework="net461" />
  <package id="EPiServer.Personalization.Content.UI" version="0.2.0" targetFramework="net462" />
  <package id="EPiServer.Personalization.MaxMindGeolocation" version="1.0.0" targetFramework="net462" />
  <package id="EPiServer.Profiles.Client" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Profiles.Client.Common" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Search" version="9.0.3" targetFramework="net462" />
  <package id="EPiServer.Search.Cms" version="9.0.3" targetFramework="net462" />
  <package id="EPiServer.ServiceApi" version="5.4.5" targetFramework="net462" />
  <package id="EPiServer.ServiceLocation.StructureMap" version="2.0.3" targetFramework="net462" />
  <package id="EPiServer.Session" version="1.0.1" targetFramework="net462" />
  <package id="EPiServer.Social" version="3.1.0" targetFramework="net462" />
  <package id="EPiServer.TinyMCESpellChecker" version="2.0.0" targetFramework="net462" />
  <package id="EPiServer.Tracking.Cms" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Tracking.Core" version="1.22.0" targetFramework="net462" />
  <package id="EPiServer.Tracking.PageView" version="1.1.0" targetFramework="net462" />
  <package id="EPiServer.VisitorGroupsCriteriaPack" version="2.0.1" targetFramework="net461" />
  <package id="Galleria.js" version="1.4.2" targetFramework="net451" />
  <package id="Geta.SEO.Sitemaps" version="3.1.3" targetFramework="net462" />
  <package id="Geta.Tags" version="4.0.12" targetFramework="net462" />
  <package id="ImageResizer" version="4.2.5" targetFramework="net461" />
  <package id="ImageResizer.Plugins.AzureReader2" version="4.2.5" targetFramework="net462" />
  <package id="ImageResizer.Plugins.DiskCache" version="4.2.5" targetFramework="net462" />
  <package id="ImageResizer.Plugins.EPiFocalPoint" version="2.0.1" targetFramework="net461" />
  <package id="ImageResizer.Plugins.EPiServerBlobReader" version="7.2.0" targetFramework="net462" />
  <package id="ImageResizer.Storage" version="4.2.5" targetFramework="net462" />
  <package id="ImageResizer.WebConfig" version="4.2.5" targetFramework="net461" />
  <package id="jQuery" version="3.1.0" targetFramework="net452" />
  <package id="jQuery.Validation" version="1.11.1" targetFramework="net462" />
  <package id="Knockout.Mapping" version="2.4.0" targetFramework="net461" />
  <package id="knockoutjs" version="3.4.0" targetFramework="net461" />
  <package id="log4net" version="2.0.8" targetFramework="net461" />
  <package id="Lucene.Net" version="3.0.3" targetFramework="net45" />
  <package id="MaxMind.Db" version="2.4.0" targetFramework="net462" />
  <package id="MaxMind.GeoIP2" version="3.0.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights" version="2.9.1" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.Agent.Intercept" version="2.4.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.DependencyCollector" version="2.9.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.Log4NetAppender" version="2.9.1" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.PerfCounterCollector" version="2.9.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.Web" version="2.9.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.WindowsServer" version="2.9.0" targetFramework="net462" />
  <package id="Microsoft.ApplicationInsights.WindowsServer.TelemetryChannel" version="2.9.0" targetFramework="net462" />
  <package id="Microsoft.AspNet.Cors" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" targetFramework="net462" />
  <package id="Microsoft.AspNet.Identity.Owin" version="2.2.1" targetFramework="net462" />
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.OData" version="5.6.0" targetFramework="net462" />
  <package id="Microsoft.AspNet.Providers.Core" version="2.0.0" targetFramework="net45" />
  <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.SignalR" version="2.0.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.SignalR.Core" version="2.0.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.SignalR.JS" version="2.0.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.SignalR.SystemWeb" version="2.0.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.TelemetryCorrelation" version="1.0.5" targetFramework="net462" />
  <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.2.6" targetFramework="net462" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Cors" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Owin" version="5.2.3" targetFramework="net462" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net45" />
  <package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />
  <package id="Microsoft.Azure.Search" version="3.0.3" targetFramework="net462" />
  <package id="Microsoft.Azure.Services.AppAuthentication" version="1.0.3" targetFramework="net462" />
  <package id="Microsoft.CSharp" version="4.4.1" targetFramework="net462" />
  <package id="Microsoft.Data.Edm" version="5.8.2" targetFramework="net461" />
  <package id="Microsoft.Data.OData" version="5.8.2" targetFramework="net461" />
  <package id="Microsoft.Data.Services.Client" version="5.8.2" targetFramework="net461" />
  <package id="Microsoft.IdentityModel.Clients.ActiveDirectory" version="3.14.2" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.3.0" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.Logging" version="5.3.0" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.Protocols" version="5.3.0" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.3.0" targetFramework="net462" />
  <package id="Microsoft.IdentityModel.Tokens" version="5.3.0" targetFramework="net462" />
  <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.3" targetFramework="net462" />
  <package id="Microsoft.OData.Core" version="6.19.0" targetFramework="net462" />
  <package id="Microsoft.OData.Edm" version="6.19.0" targetFramework="net462" />
  <package id="Microsoft.Owin" version="4.1.1" targetFramework="net462" />
  <package id="Microsoft.Owin.Host.SystemWeb" version="4.1.1" targetFramework="net462" />
  <package id="Microsoft.Owin.Security" version="4.1.1" targetFramework="net462" />
  <package id="Microsoft.Owin.Security.Cookies" version="4.1.1" targetFramework="net462" />
  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net462" />
  <package id="Microsoft.Owin.Security.OpenIdConnect" version="4.1.1" targetFramework="net462" />
  <package id="Microsoft.Owin.Security.WsFederation" version="3.0.1" targetFramework="net45" />
  <package id="Microsoft.Rest.ClientRuntime" version="2.3.20" targetFramework="net462" />
  <package id="Microsoft.Rest.ClientRuntime.Azure" version="3.3.6" targetFramework="net461" />
  <package id="Microsoft.Spatial" version="6.19.0" targetFramework="net462" />
  <package id="Microsoft.Tpl.Dataflow" version="4.5.24" targetFramework="net461" />
  <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
  <package id="Microsoft.Web.RedisSessionStateProvider" version="2.2.0" targetFramework="net452" />
  <package id="Microsoft.Web.Xdt" version="1.0.0" targetFramework="net461" />
  <package id="Microsoft.WindowsAzure.ConfigurationManager" version="3.1.0" targetFramework="net462" />
  <package id="mustache.js" version="0.7.2" targetFramework="net461" />
  <package id="Newtonsoft.Json" version="11.0.2" targetFramework="net462" />
  <package id="NHunspell" version="1.2.5554.16953" targetFramework="net452" />
  <package id="NuGet.Core" version="2.7.2" targetFramework="net461" />
  <package id="Owin" version="1.0" targetFramework="net45" />
  <package id="PagedList" version="1.17.0.0" targetFramework="net452" />
  <package id="PagedList.Mvc" version="4.5.0.0" targetFramework="net452" />
  <package id="Postal.Mvc4" version="1.2.0" targetFramework="net45" />
  <package id="RazorEngine" version="3.9.0" targetFramework="net452" />
  <package id="Redlands.Insight" version="1.0.3" targetFramework="net462" />
  <package id="SharpZipLib" version="0.86.0" targetFramework="net45" />
  <package id="SiteImprove.EPiServer11.Plugin" version="2.7.0" targetFramework="net462" />
  <package id="StackExchange.Redis.StrongName" version="1.1.603" targetFramework="net461" />
  <package id="StructureMap" version="4.7.1" targetFramework="net462" />
  <package id="structuremap.web" version="4.0.0.315" targetFramework="net461" />
  <package id="structuremap.web-signed" version="3.1.6.191" targetFramework="net452" />
  <package id="structuremap-signed" version="3.1.9.463" targetFramework="net461" />
  <package id="System.ComponentModel.Annotations" version="4.4.0" targetFramework="net461" />
  <package id="System.ComponentModel.EventBasedAsync" version="4.0.11" targetFramework="net461" />
  <package id="System.Data.SqlClient" version="4.4.0" targetFramework="net461" />
  <package id="System.Diagnostics.DiagnosticSource" version="4.5.0" targetFramework="net462" />
  <package id="System.Dynamic.Runtime" version="4.0.0" targetFramework="net461" />
  <package id="System.IdentityModel.Tokens.Jwt" version="5.3.0" targetFramework="net462" />
  <package id="System.Linq.Queryable" version="4.0.0" targetFramework="net461" />
  <package id="System.Net.Requests" version="4.0.11" targetFramework="net461" />
  <package id="System.Reflection.Emit" version="4.3.0" targetFramework="net461" />
  <package id="System.Reflection.Emit.Lightweight" version="4.3.0" targetFramework="net461" />
  <package id="System.Security.AccessControl" version="4.4.0" targetFramework="net461" />
  <package id="System.Security.Cryptography.Xml" version="4.4.2" targetFramework="net462" />
  <package id="System.Security.Permissions" version="4.4.0" targetFramework="net461" />
  <package id="System.Security.Principal.Windows" version="4.4.0" targetFramework="net461" />
  <package id="System.Spatial" version="5.8.2" targetFramework="net461" />
  <package id="System.Threading.AccessControl" version="4.4.0" targetFramework="net461" />
  <package id="System.ValueTuple" version="4.5.0" targetFramework="net462" />
  <package id="underscore.js" version="1.8.3" targetFramework="net461" />
  <package id="WebGrease" version="1.6.0" targetFramework="net452" />
  <package id="WindowsAzure.ServiceBus" version="6.0.0" targetFramework="net462" />
  <package id="WindowsAzure.Storage" version="9.3.3" targetFramework="net462" />
</packages>
Value cannot be null.
Parameter name: userName
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentNullException: Value cannot be null.
Parameter name: userName
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace: