Azure AD with AWS Cognito – guest account error

Anyone using Azure AD as a federated identity provider in an AWS Cognito user pool?

A customer wants to use AWS Cognito, and has some member accounts in Azure AD for their internal users, and has external vendors who have invited personal accounts in their Azure AD (B2C).

I can get it all to work when I am using internal member Azure AD accounts. However, when I try to use an Azure AD invited personal account (B2C), I end up with this error:

This login.live.com page can’t be found
No webpage was found for the web address:

https://login.live.com/oauth20_authorize.srf?client_id=<<GUID>>&scope=profile+email+openid&redirect_uri=https%3a%2f%2fmydomain.auth.us-east-2.amazoncognito.com%2foauth2%2fidpresponse&response_type=code&state=big_long_string

I can't tell what's going on here - is AWS sending it to this URL? Is Azure AD sending it there?

My Azure AD app registration is set up for "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" so it should allow personal accounts.

When I use a personal account, the client_id in the URL above is a GUID that I do not recognize - it is not in my Azure AD or Azure tenant anywhere. (Starts with "51483342-").

submitted by /u/Googoots

Read more here: https://www.reddit.com/r/AZURE/comments/n48rbi/azure_ad_with_aws_cognito_guest_account_error/

Content Attribution

This content was originally published by /u/Googoots at Microsoft Azure, and is syndicated here via their RSS feed. You can read the original post over there.
