
I'm trying to use Azure AD as an OAuth authorization provider. I have created an ASP.NET web application, just for testing, and registered an application in Azure AD.

From the web site I created a web request to the authorize endpoint; the request is sent fine, and I'm asked for credentials. After filling in my user and password I always get this error:

An error occurred while processing your request.

  • HTTP Error Code: 400
  • Message: ACS50000: There was an error issuing a token.
  • Inner Message: ACS90027: Multiple principals match the ccf87be2-5370-4232-8453-0cadd770e3fe identifier.
  • Trace ID: 0a79ca43-41c8-4e91-95ee-acb25cfd6053
  • Correlation ID: e1396b28-868f-4e60-9a7d-9822f3b9d753

I think my request is OK, but I can't figure out what is happening. I'm sure there is only one application registered with that identifier. This is my request (I'm using GET for testing purposes):

https://login.windows.net/[subscriptionid]/oauth2/authorize?resource=http://localhost&client_id=ccf87be2-5370-4232-8453-0cadd770e3fe&state=Windows%20Azure%20Active%20Directory&response_type=code&scope=http://localhost

I downloaded the cmdlets. Using Get-MsolServicePrincipal, this is what I see; there are no duplicated principals:

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : True
Addresses             : {}
AppPrincipalId        : 00000002-0000-0000-c000-000000000000
DisplayName           : Microsoft.Azure.ActiveDirectory
ObjectId              : 951bd0e5-23af-48e9-bda3-31ccce6a1a45
ServicePrincipalNames : {https://graph.windows.net, 
                        00000002-0000-0000-c000-000000000000, 
                        Microsoft.Azure.ActiveDirectory, 00000002-0000-0000-c00
                        0-000000000000/graph.windows.net...}
TrustedForDelegation  : False

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : False
Addresses             : {}
AppPrincipalId        : 00000010-0000-0000-c000-000000000000
DisplayName           : Microsoft.Azure.GraphStore
ObjectId              : 6b8ec6ad-5bc9-4256-b301-84825d77c542
ServicePrincipalNames : {00000010-0000-0000-c000-000000000000, 
                        Microsoft.Azure.GraphStore, 00000010-0000-0000-c000-000
                        000000000/graphstore.windows.net}
TrustedForDelegation  : True

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : True
Addresses             : {}
AppPrincipalId        : 0000000c-0000-0000-c000-000000000000
DisplayName           : Microsoft.Azure.ActiveDirectoryUX
ObjectId              : feb2afcf-e82c-4d30-b0b8-7bd875c4bd94
ServicePrincipalNames : {0000000c-0000-0000-c000-000000000000, 
                        Microsoft.Azure.ActiveDirectoryUX, 0000000c-0000-0000-c
                        000-000000000000/activedirectory.windowsazure.com}
TrustedForDelegation  : True

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : True
Addresses             : {}
AppPrincipalId        : 0000000f-0000-0000-c000-000000000000
DisplayName           : Microsoft.Azure.GraphExplorer
ObjectId              : 4eda2f9f-6f3c-4497-ae0c-8284fd53fff4
ServicePrincipalNames : {0000000f-0000-0000-c000-000000000000, 
                        Microsoft.Azure.GraphExplorer, 0000000f-0000-0000-c000-
                        000000000000/graphexplorer.windows.net}
TrustedForDelegation  : True

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : False
Addresses             : {}
AppPrincipalId        : 00000013-0000-0000-c000-000000000000
DisplayName           : Microsoft.Azure.Portal
ObjectId              : 7a5289bf-60c9-4e08-aba0-cc5a9221b4c5
ServicePrincipalNames : {00000013-0000-0000-c000-000000000000, 
                        Microsoft.Azure.Portal, 00000013-0000-0000-c000-0000000
                        00000/manage.windowsazure.net}
TrustedForDelegation  : True

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : True
Addresses             : {Microsoft.Online.Administration.RedirectUri}
AppPrincipalId        : ccf87be2-5370-4232-8453-0cadd770e3fe
DisplayName           : Api
ObjectId              : 570c934e-4215-4f09-a907-3bd35539080d
ServicePrincipalNames : {http://api.dnndev.me/, 
                        ccf87be2-5370-4232-8453-0cadd770e3fe}
TrustedForDelegation  : False

ExtensionData         : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled        : True
Addresses             : {Microsoft.Online.Administration.RedirectUri}
AppPrincipalId        : a51f0618-a534-4f95-955e-d1ed7802bc69
DisplayName           : pruebas
ObjectId              : d5d4c74e-0212-49de-9bc2-928b630058d7
ServicePrincipalNames : {http://pruebas.dnndev.me, 
                        a51f0618-a534-4f95-955e-d1ed7802bc69}
Stephen Ostermiller
Iñaki Elcoro
  • How did you register your application with Windows Azure AD? I think you just accidentally registered your app twice. Or you were playing around with PowerShell and executed the create service principal command accidentally. You can try listing all the principals in your AD and removing the erroneously created ones. – astaykov Apr 16 '13 at 00:35
  • I just discovered the PowerShell interface. All the applications were registered through the management portal. I tried, after your comment, to create a service principal through PowerShell, and it throws the same error. I'm going to update the answer with the PowerShell output as there are no duplicated service principals. – Iñaki Elcoro Apr 16 '13 at 04:33
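
The duplicate check discussed in the comments above, written as a function over the objects Get-MsolServicePrincipal returns instead of a visual scan of the listing. This is an added example, not part of the original post: `Find-DuplicatePrincipalIdentifier` is a hypothetical helper, the third sample row is constructed, and folding case and the trailing slash is an assumption made to surface near-duplicates, not a statement of how the directory compares names.

```powershell
function Find-DuplicatePrincipalIdentifier {
    param([Parameter(Mandatory, ValueFromPipeline)] [object[]] $Principal)
    begin { $claims = @() }
    process {
        foreach ($p in $Principal) {
            # A principal answers to its AppPrincipalId and to every SPN it lists.
            $ids = @([string]$p.AppPrincipalId) + @($p.ServicePrincipalNames)
            foreach ($id in ($ids | Where-Object { $_ })) {
                $claims += [pscustomobject]@{
                    # Assumption: fold case and trailing slash to surface near-duplicates.
                    Identifier  = ([string]$id).Trim().TrimEnd('/').ToLowerInvariant()
                    ObjectId    = [string]$p.ObjectId
                    DisplayName = $p.DisplayName
                }
            }
        }
    }
    end {
        $claims | Group-Object Identifier | ForEach-Object {
            # A principal lists its own id twice; count distinct owners only.
            $owners = @($_.Group | Sort-Object ObjectId -Unique)
            if ($owners.Count -gt 1) {
                [pscustomobject]@{
                    Identifier = $_.Name
                    ObjectIds  = $owners.ObjectId
                    Names      = $owners.DisplayName
                }
            }
        }
    }
}

# Constructed sample: rows 1 and 2 copy values from the listing in the question;
# row 3 is invented (placeholder GUIDs) to show what a collision looks like.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Api'; ObjectId = '570c934e-4215-4f09-a907-3bd35539080d'
        AppPrincipalId = 'ccf87be2-5370-4232-8453-0cadd770e3fe'
        ServicePrincipalNames = @('http://api.dnndev.me/', 'ccf87be2-5370-4232-8453-0cadd770e3fe') }
    [pscustomobject]@{ DisplayName = 'pruebas'; ObjectId = 'd5d4c74e-0212-49de-9bc2-928b630058d7'
        AppPrincipalId = 'a51f0618-a534-4f95-955e-d1ed7802bc69'
        ServicePrincipalNames = @('http://pruebas.dnndev.me', 'a51f0618-a534-4f95-955e-d1ed7802bc69') }
    [pscustomobject]@{ DisplayName = 'constructed-duplicate'; ObjectId = '00000000-0000-0000-0000-000000000001'
        AppPrincipalId = '11111111-1111-1111-1111-111111111111'
        ServicePrincipalNames = @('HTTP://api.dnndev.me', '11111111-1111-1111-1111-111111111111') }
)
$sample | Find-DuplicatePrincipalIdentifier

# Against a live tenant (MSOnline module, after Connect-MsolService):
# Get-MsolServicePrincipal -All | Find-DuplicatePrincipalIdentifier
```

With the two rows taken from the question alone the function returns nothing, which matches the poster's reading of the listing; the constructed third row makes it report `http://api.dnndev.me` with both ObjectIds.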

0 Answers