Description
Created an agent using the Microsoft Agents SDK and am trying to configure SSO integration by following the sample:
https://github.com/microsoft/Agents/tree/main/samples/basic/authorization/auto-signin/dotnet
Ours is a Microsoft tenant. I have created the agent using a Managed Identity for an Azure Bot, by following:
https://microsoft.github.io/Agents/HowTo/azurebot-create-msi.html
Following the steps below:
https://microsoft.github.io/Agents/HowTo/azurebot-user-authentication-fic.html
We are getting the error below:
{ "message": "Login failed", "statusCode": 401, "responseBody": "{\"error\":\"invalid_client\",\"error_description\":\"AADSTS7002137: No matching federated identity record found for presented assertion subject '/eid1/c/pub/t/v4j5cvGGr0GRqy180BHbRw/a/9ExAW52n_ky4ZiS_jhpJIQ/7e307b14-2a27-4f66-ada8-ec6400eb4977'. Please make sure the federated identity credential Subject is '/eid1/c/pub/t/{tenantId}/a/9ExAW52n_ky4ZiS_jhpJIQ/7e307b14-2a27-4f66-ada8-ec6400eb4977'. Trace ID: 007fc931-d337-4638-8760-8f5c9c231e00 Correlation ID: bc6ac312-88fd-4b97-8d37-6566985045b9 Timestamp: 2025-07-07 10:30:48Z\",\"error_codes\":[7002137],\"timestamp\":\"2025-07-07 10:30:48Z\",\"trace_id\":\"007fc931-d337-4638-8760-8f5c9c231e00\",\"correlation_id\":\"bc6ac312-88fd-4b97-8d37-6566985045b9\"}" }
When we provide the Subject Identifier as /eid1/c/pub/t/{base64 encoded customer tenant ID}/a/{base64 encoded 1-P app client ID}/{unique-identifier-for-projected-identity}
it gives the error:
{ "error": { "code": "ServiceError", "message": "An error occured while retrieving the signin link" } }
What are the values for {base64 encoded 1-P app client ID}
and {unique-identifier-for-projected-identity}?
Is base64 really required? If so, why does the error say ({tenantId} without base64):
"Please make sure the federated identity credential Subject is '/eid1/c/pub/t/{tenantId}/a/9ExAW52n_ky4ZiS_jhpJIQ/7e307b14-2a27-4f66-ada8-ec6400eb4977'"
What could be the issue here?
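Added example, not part of the original issue or of the Agents SDK: a Python helper that decodes the tenant and app segments of the subject quoted in the AADSTS7002137 error and reports which part of a configured subject differs from it. It assumes each encoded segment is the unpadded base64url form of the GUID's 16 little-endian bytes (the tenant segment in the error decodes cleanly under that assumption); all function names are hypothetical.

```python
import base64
import uuid

# Subject string copied from the AADSTS7002137 error quoted in the issue.
PRESENTED = ("/eid1/c/pub/t/v4j5cvGGr0GRqy180BHbRw"
             "/a/9ExAW52n_ky4ZiS_jhpJIQ/7e307b14-2a27-4f66-ada8-ec6400eb4977")
FIELDS = {4: "tenant", 6: "app", 7: "identifier"}  # positions in the split path


def guid_to_segment(guid: str) -> str:
    """Assumed encoding: GUID -> 16 little-endian bytes -> unpadded base64url."""
    raw = uuid.UUID(guid).bytes_le
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def segment_to_guid(segment: str) -> str:
    """Inverse of guid_to_segment; ValueError if it is not a 16-byte value."""
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    if len(raw) != 16:
        raise ValueError(f"{segment!r} does not decode to a GUID")
    return str(uuid.UUID(bytes_le=raw))


def parse_subject(subject: str) -> dict:
    """Split /eid1/c/pub/t/<tenant>/a/<app>/<identifier> and decode both GUIDs."""
    p = subject.strip("/").split("/")
    if len(p) != 8 or p[:4] != ["eid1", "c", "pub", "t"] or p[5] != "a":
        raise ValueError("unexpected subject layout")
    return {"tenant": segment_to_guid(p[4]), "app": segment_to_guid(p[6]),
            "identifier": p[7]}


def mismatches(configured: str, presented: str = PRESENTED) -> list:
    """Name the parts where a configured FIC subject differs from the assertion."""
    have = configured.strip("/").split("/")
    want = presented.strip("/").split("/")
    if len(have) != len(want):
        return ["layout"]
    return [FIELDS.get(i, "layout")
            for i, (a, b) in enumerate(zip(have, want)) if a != b]


if __name__ == "__main__":
    parts = parse_subject(PRESENTED)
    print(parts)
    # Constructed mistake: tenant GUID pasted as-is instead of encoded.
    raw_tenant = PRESENTED.replace(guid_to_segment(parts["tenant"]), parts["tenant"])
    print(mismatches(raw_tenant))
```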