Reputation: 173
We're using an application that authenticates using Azure ACS with a Google ID. But the nameidentifier that we get from Google keeps changing. It appears that this is based on the IP address which fluctuates when using Azure. So I'd like to have the output claim type be something other than the nameidentifier.
However, if I change the output claim type (in the Rule Group panel) for the input nameidentifier to emailaddress, we get a server error when trying to authenticate: Sequence contains more than one element
Is there a trick to setting up the rule groups for Google so you get back a token that doesn't change all the time?
Upvotes: 1
Views: 282
Reputation: 24895
As you already suspected, the ID is unique per realm/domain, but this should be based on the ACS namespace, not the URL of your application.
Now, using emailaddress is much safer in case you might need to use a different ACS namespace or if you no longer want to use ACS at all. In order to map the emailaddress claim to the nameidentifier (output claim), you'll need to delete the actual nameidentifier first:
Upvotes: 4
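The rule-group change discussed in this thread, as an added example that is not part of the original posts and does not use the ACS API. It models rules as constructed (input type, output type) pairs and assumes the "Sequence contains more than one element" error comes from a consumer that expects exactly one claim of a given type; the sample claim values and all function names are hypothetical.

```python
# Constructed model of a claim rule group; not ACS's own API or data format.
NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def apply_rules(rules, input_claims):
    """Apply (input_type, output_type) rules, passing each value through."""
    out = []
    for in_type, out_type in rules:
        for ctype, value in input_claims:
            if ctype == in_type:
                out.append((out_type, value))
    return out

def single(claims, ctype):
    """Return the one value of ctype; fail the way .NET's Single() does."""
    values = [v for t, v in claims if t == ctype]
    if len(values) > 1:
        raise ValueError("Sequence contains more than one element")
    if not values:
        raise ValueError("Sequence contains no matching element")
    return values[0]

def duplicate_outputs(rules):
    """Output claim types emitted by more than one rule (check before saving)."""
    seen, dupes = set(), set()
    for _, out_type in rules:
        (dupes if out_type in seen else seen).add(out_type)
    return sorted(dupes)

# Constructed sample of the claims the identity provider hands over.
GOOGLE_CLAIMS = [(NAMEID, "opaque-id-123"), (EMAIL, "user@example.com")]

# What the question describes: nameidentifier rule re-pointed at emailaddress
# while the emailaddress passthrough still exists -> two emailaddress claims.
ASKER = [(NAMEID, EMAIL), (EMAIL, EMAIL)]
# Adding email -> nameidentifier without deleting the passthrough first.
NAIVE = [(NAMEID, NAMEID), (EMAIL, EMAIL), (EMAIL, NAMEID)]
# The answer's order: delete the nameidentifier passthrough, then add the map.
FIXED = [(EMAIL, EMAIL), (EMAIL, NAMEID)]

if __name__ == "__main__":
    for name, rules in (("asker", ASKER), ("naive", NAIVE), ("fixed", FIXED)):
        print(name, "duplicate output types:", duplicate_outputs(rules))
    token = apply_rules(FIXED, GOOGLE_CLAIMS)
    print("nameidentifier in fixed token:", single(token, NAMEID))
```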