Claim 'upn' was not found on the token.
Closed this issue · 8 comments
I can not load the ADD login interface through the login page. I am receiving the following error and I found it on the AdminLog page.
Why I am receiving this error? Please, help.
Claim 'upn' was not found on the token. Available claims are: , aud, iss, iat, nbf, exp, acr, aio, amr, appid, appidacr, email, family_name, given_name, idp, ipaddr, name, oid, rh, scp, sub, tid, unique_name, uti, ver
What and where I have missed?
Appreciate your support.
Thank you!
I just changed 'upn' token for now to 'unique_name'. token.
But still, one thing to clarify. It loads the profile data from the Azure AD account. But not all profile data. I can not find appropriate tokens that I use to map with DNN profile fields.
Ex: DNN Fileds - PhoneNumber, Photo, country, region, city etc.
What are the Azure AD tokens to use in the 'Mapping -> User Mapping' in the module settings?
Appreciate your support.
Thank you.
I'me having a similar issue, I'me getting this error:
Claim 'given_name' was not found on the token. Available claims are: , aud, iss, iat, nbf, exp, acr, aio, amr, appid, appidacr, ipaddr, name, oid, onprem_sid, rh, scp, sub, tid, unique_name, upn, uti, ver
The claim is there for some users, but not for others. If the claim is not present the value should be empty, and not present an error.
Hi, I am having the same issue when users do not have their names (given_name or family_name) set in the active directory. For this reason, the login process fails. I am thinking on having some rule that can fill these values based on the name (splitting by spaces to get the first and last names).
Anyone has a better idea?
Unfortunately, I cannot ask the active directory managers to fill out the names correctly so I have to come up with something else.
I've seen this behavior and on other apps they just put "Unknown" as the name. I believe that's better than throwing an exception. Sounds like another advanced setting.
Hi all,
Just a quick note. What I have done to surpass my issue not having some AD fields set was to be a little more permissive and have a method for falling back when first or last name are not defined:
Hope this contribution helps someone:
internal AzureUserData GetCurrentUserInternal(JwtSecurityToken pToken = null)
{
if (pToken == null && (!IsCurrentUserAuthorized() || JwtIdToken == null))
{
return null;
}
var claims = JwtIdToken.Claims.ToArray();
//EnsureClaimExists(claims, FirstNameClaimName);
//EnsureClaimExists(claims, LastNameClaimName);
EnsureClaimExists(claims, DisplayNameClaimName);
EnsureClaimExists(claims, EmailClaimName);
EnsureClaimExists(claims, UserIdClaim);
EnsureClaimExists(claims, "oid"); // we need this claim to make calls to AAD Graph
var user = new AzureUserData()
{
AzureFirstName = claims.FirstOrDefault(x => x.Type == FirstNameClaimName)?.Value,
AzureLastName = claims.FirstOrDefault(x => x.Type == LastNameClaimName)?.Value,
AzureDisplayName = claims.FirstOrDefault(x => x.Type == DisplayNameClaimName)?.Value,
Email = claims.FirstOrDefault(x => x.Type == EmailClaimName)?.Value,
Id = claims.FirstOrDefault(x => x.Type == UserIdClaim).Value
};
//If no first name, try and get it from the display name.
if (string.IsNullOrEmpty(user.AzureFirstName))
{
user.AzureFirstName = user.AzureDisplayName.Split(' ')
.First();
}
//If no last name, try and get it from the display name.
if (string.IsNullOrEmpty(user.AzureLastName))
{
user.AzureLastName = user.AzureDisplayName.Split(' ')
.Skip(1)
.Aggregate("", (current, next) => current + " " + next);
}
user.AzureDisplayName = $"{user.AzureFirstName} {user.AzureLastName}";
return user;
}
This is interesting, in most of scenarios I've seen this error, is because what's not filled is the DisplayName. Thing to note when developing this enhancement.
Thanks for for your contribution!
maduranga001 about the initial error related to the "upn" not being found in the token, the reason could be that the user being logged is a B2B user (this is a guest user in the current tenant).
Hope this helps.
This has been now fixed