Entra app not always directing to IDP login screen

Roberto Pili 21 Reputation points
2024-08-22T14:31:16.0466667+00:00

Hi All,

We have an issue regarding an application configured in Entra. The app, depending on the domain of the user trying to authN, redirect to a login screen of an external partner.

It all works fine if the user of this external partner, clears all browser information.

But the next time the user tries to AuthN by going to the application URL and providing it's emailadress, the redirect to the IDP login screen doesn't happen untill the browser info is deleted again. Instead the application throws an error stating login failure.

What could be the popential issue here?

Thanks for the feedback.

Gr

R

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,365 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Navya 9,565 Reputation points Microsoft Vendor
    2024-08-28T04:09:13.9833333+00:00

    Hi @Roberto Pili

    Thank you for posting this in Microsoft Q&A.

    Based on the information provided, it seems like the issue could be related to the browser caching the previous authentication information and not redirecting to the correct IDP login screen.

    Here are some potential causes:

    1.When the user authenticates with the external partner's IDP, a cookie is set in the browser. This cookie might not be properly cleared when the user closes the browser or clears browser information. As a result, the application might be relying on the existing cookie, which is causing the login failure.

    2.Similar to cookies, the application or IDP might be storing session information in the browser's local storage or session storage. This data could be persisting even after the user clears browser information, leading to the login failure.

    3.The application or IDP might be caching authentication tokens or access tokens, which are not being properly invalidated when the user clears browser information. This could cause the application to attempt to reuse an invalid token, resulting in the login failure.

    Are you using any specific authentication protocols (e.g., OAuth, SAML, OpenID Connect) with the external partner's IDP? Check the browser's developer tools (e.g., Chrome DevTools) to see if there are any errors or warnings related to cookies, sessions, or redirects.

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.