-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Silent SSO failed. login_required: AADSTS50058: A silent sign-in request was sent but no user is signed in. #5148
Comments
@nipothar This error can be thrown for a number of reasons such as:
LoginHint is used to tell AAD which account you intend to sign-in with in the case where multiple accounts have active sessions or you require that a specific account be signed in.
No, an account passed in takes precedence. As long as the account has a non-empty "loginHint" claim, "sid" claim or username property those will be used instead of anything passed into loginHint.
The code snippets you shared above do not validate that account is not null, nor do they validate the username field is non-empty. This is likely why you are still getting the warning saying no hint is provided. Besides that, please consider using the "loginHint" optional claim as that will give you a higher degree of reliability to disambiguate sessions.
Falling back to interaction is the best way to ensure your user gets signed in and is the recommended approach. You cannot guarantee that you will never encounter this error as things like 3P cookie blocks are not something you can control, but rather are controlled by each user and their browser settings. |
@nipothar This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale. |
Thanks @tnorling for the information. I have a few more questions:
Thanks! |
This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @tnorling please follow up. |
Hi @tnorling, following-up on this. Do you have any updates on the questions above? Thanks! |
|
@nipothar This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale. |
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.26.0
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Public
Description
We are getting a SilentSSO failed for our application and we are trying to resolve this..
Attempted Steps:
There was one warning that was appearing fairly consistently which was:
Warning - No user hint provided. The authorization server may need more information to complete this request.
For this, we are already sending account information into the request based on this recommendation: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/login-user.md#account-apis (please see the code snippet below).
However, the warning is still persists, we made sure that the login hint was being sent through. Not sure if this is related to the issue with SilentSSO.
Couple questions here:
Error Message
Silent SSO failed. login_required: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
Msal Logs
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
We are not able to repro this locally but we see it in our logs regularly.
Expected Behavior
SilentSSO returns the appropriate token and the above error is resolved.
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
Chrome, Firefox, Edge, Safari
Regression
No response
Source
Internal (Microsoft)
The text was updated successfully, but these errors were encountered: