AzureAD/azure-activedirectory-library-for-java

com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access

gowhitha opened this issue · 6 comments

ClassCastException in AdalOAuthAuthorizationGrant toParameters() method when trying to acquire the token.

[pool-1-thread-1] INFO com.microsoft.aad.adal4j.AuthenticationAuthority - [Correlation ID: 96cba7af-3288-4895-ad27-b0f837a848a1] Instance discovery was successful
[pool-1-thread-1] ERROR com.microsoft.aad.adal4j.AuthenticationContext - [Correlation ID: 96cba7af-3288-4895-ad27-b0f837a848a1] Execution of class com.microsoft.aad.adal4j.AcquireTokenCallable failed.
java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
at com.nimbusds.oauth2.sdk.util.URLUtils.serializeParameters(URLUtils.java:101)
at com.microsoft.aad.adal4j.AdalTokenRequest.toOAuthRequest(AdalTokenRequest.java:159)
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:85)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:928)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception in thread "main" java.util.concurrent.ExecutionException: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
at java.util.concurrent.FutureTask.report(Unknown Source)
at java.util.concurrent.FutureTask.get(Unknown Source)
at java2crmpack.CrmApplication.getAccessTokenFromUserCredentials(CrmApplication.java:229)
at java2crmpack.CrmApplication.main(CrmApplication.java:44)
Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
at com.nimbusds.oauth2.sdk.util.URLUtils.serializeParameters(URLUtils.java:101)
at com.microsoft.aad.adal4j.AdalTokenRequest.toOAuthRequest(AdalTokenRequest.java:159)
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:85)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:928)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

After changing the oauth2-oidc-sdk jar to an older version, the ClassCastException got resolved.

com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'.\r\nTrace ID: 20f3d1b3-8c97-4095-86ca-5b0250310d00\r\nCorrelation ID: 0704c2e5-4552-4c68-969d-2861734c2a03\r\nTimestamp: 2018-12-03 02:20:01Z","error":"interaction_required"}
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:124)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:928)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception in thread "main" java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'.\r\nTrace ID: 20f3d1b3-8c97-4095-86ca-5b0250310d00\r\nCorrelation ID: 0704c2e5-4552-4c68-969d-2861734c2a03\r\nTimestamp: 2018-12-03 02:20:01Z","error":"interaction_required"}
at java.util.concurrent.FutureTask.report(Unknown Source)
at java.util.concurrent.FutureTask.get(Unknown Source)
at java2crmpack.CrmApplication.getAccessTokenFromUserCredentials(CrmApplication.java:233)
at java2crmpack.CrmApplication.main(CrmApplication.java:48)
Caused by: com.microsoft.aad.adal4j.AdalClaimsChallengeException: {"error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'.\r\nTrace ID: 20f3d1b3-8c97-4095-86ca-5b0250310d00\r\nCorrelation ID: 0704c2e5-4552-4c68-969d-2861734c2a03\r\nTimestamp: 2018-12-03 02:20:01Z","error":"interaction_required"}
at com.microsoft.aad.adal4j.AdalTokenRequest.executeOAuthRequestAndProcessResponse(AdalTokenRequest.java:124)
at com.microsoft.aad.adal4j.AuthenticationContext.acquireTokenCommon(AuthenticationContext.java:928)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:70)
at com.microsoft.aad.adal4j.AcquireTokenCallable.execute(AcquireTokenCallable.java:38)
at com.microsoft.aad.adal4j.AdalCallable.call(AdalCallable.java:47)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

I have the same issue. Does someone know how to fix it?

AdalClaimsChallengeException gets thrown when the tenant admin has set a conditional access policy. To fix this when using the authorization code flow, you should add some code where you catch the AdalClaimsChallengeException and redirect the user to the authorization endpoint with the claims. For an example of how to do this, look at the web app sample. Note that this will only work for interactive flows.

Thanks for your answer @sangonzal.
In fact, I've been able to avoid receiving such errors: the OAuth request that I was sending to the Microsoft endpoint was wrong; the resource parameter was missing.
More information can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#request-an-authorization-code.

Thanks for confirming @julienlancelot
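
The two fixes discussed in this thread (catching the claims challenge and re-sending the user to the authorization endpoint, and including the `resource` parameter in that request) can be sketched as follows. This is an added example, not code from the ADAL4J project or its web app sample; the class name, helper methods, `<...>` placeholder values, redirect URI and sample claims string are assumptions, and the `state` parameter is an addition that the thread does not mention.

```java
import com.microsoft.aad.adal4j.AdalClaimsChallengeException;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.UUID;
import java.util.concurrent.ExecutionException;

public class ClaimsChallengeRedirect {
    // Placeholder values (assumptions): substitute your own app registration.
    static final String AUTHORITY = "https://login.microsoftonline.com/<tenant-id>";
    static final String CLIENT_ID = "<client-id>";
    static final String REDIRECT_URI = "https://localhost:8443/app/callback";
    static final String RESOURCE = "<resource-app-id-uri>";

    /** Returns the claims challenge carried by a failed acquireToken future, or null. */
    static String claimsFrom(ExecutionException e) {
        Throwable cause = e.getCause();
        return (cause instanceof AdalClaimsChallengeException)
                ? ((AdalClaimsChallengeException) cause).getClaims()
                : null;
    }

    /** Builds the v1 authorize URL; keep state in the session and verify it on return. */
    static String authorizeUrl(String claims, String state) throws UnsupportedEncodingException {
        StringBuilder url = new StringBuilder(AUTHORITY).append("/oauth2/authorize")
                .append("?response_type=code")
                .append("&client_id=").append(enc(CLIENT_ID))
                .append("&redirect_uri=").append(enc(REDIRECT_URI))
                .append("&resource=").append(enc(RESOURCE)) // the parameter missing in the thread
                .append("&state=").append(enc(state));
        if (claims != null && !claims.isEmpty()) {
            // Forward the challenge so the sign-in can satisfy the conditional access policy.
            url.append("&claims=").append(enc(claims));
        }
        return url.toString();
    }

    static String enc(String v) throws UnsupportedEncodingException {
        return URLEncoder.encode(v, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of a claims challenge, for illustration only.
        String claims = "{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"<policy-id>\"]}}}";
        System.out.println(authorizeUrl(claims, UUID.randomUUID().toString()));
    }
}
```

In a web application, `claimsFrom` would be called in the `catch (ExecutionException e)` around `future.get()`, and a non-null result would trigger an HTTP redirect to `authorizeUrl(...)`.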